feat: Apply stricter linter rules

.azuredevops/build-pipeline.yml

@@ -1,22 +1,17 @@
 pool:
-  vmImage: 'ubuntu-24.04'
+  vmImage: 'ubuntu-latest'
 
 variables:
   - name: bufVersion
-    # go install github.com/bufbuild/buf/cmd/buf@
+    value: v1.50.1
-    value: v1.63.0
   - name: golangCiLintVersion
-    # github.com/golangci/golangci-lint
+    value: v1.64.7
-    value: v2.8.0
   - name: goVersion
-    # github.com/golang/go
+    value: 1.23.0
-    value: 1.24.0
   - name: protobufValidateVersion
-    # go install github.com/envoyproxy/protoc-gen-validate@
+    value: v1.2.1
-    value: v1.3.0
   - name: protobufVersion
-    # go install google.golang.org/protobuf/cmd/protoc-gen-go@
+    value: v1.36.5
-    value: v1.36.11
   - name: GOPATH
     value: '$(system.defaultWorkingDirectory)/gopath'
 
@@ -26,7 +21,6 @@ stages:
       - job: GoBuildTest
         displayName: Run build and tests
         variables:
-          - group: artifactory-xx-sit-odj-sec-ident
           - name: isCiBuild
             value: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')]
         steps:
@@ -86,10 +80,6 @@ stages:
             condition: succeeded()
             displayName: Check local changes after code generation and formatting
 
-          - script: echo "$(ARTIFACTORY_PASSWORD)" | docker login schwarzit-docker.jfrog.io --username $(ARTIFACTORY_USER) --password-stdin
-            displayName: 'Docker login'
-            condition: succeeded()
-
           - bash: go build ./...
             condition: succeeded()
             displayName: Build

.azuredevops/main-code-analyze.yml

@@ -1,46 +0,0 @@
----
-name: audit_go_main_code_analyze_$(Date:yyyy-MM-dd)_$(SourceBranchName)_$(Rev:r)
-
-trigger:
-  - main
-
-resources:
-  repositories:
-    - repository: tools
-      type: git
-      name: schwarzit.stackit-core-platform/core-platform-tools
-      ref: refs/tags/v1.15.0
-
-pool:
-  vmImage: ubuntu-24.04
-
-variables:
-  - name: reportDir
-    value: '$(System.DefaultWorkingDirectory)/out'
-  - name: goVersion
-    value: 1.25.5
-
-stages:
-  - stage: CodeQualityScans
-    displayName: "Code Quality Scans"
-    jobs:
-      - template: ./.azuredevops/templates/jobs/code/code-format.yml@tools
-        parameters:
-          lintReports: true
-          lintReportDir: $(reportDir)
-
-      - template: ./.azuredevops/templates/jobs/code/code-test.yml@tools
-        parameters:
-          testReports: true
-          testReportDir: $(reportDir)
-
-      - template: ./.azuredevops/templates/jobs/code/code-quality-scans.yml@tools
-        parameters:
-          dependsOn:
-            - Tests
-            - Linter
-          organization: 'xx-sit-odj-stackit-public'
-          serviceConnection: 'xx-sit-odj-stackit-public-snyk'
-          sonar: true
-          sonarReportSourceDir: $(reportDir)
-          sonarServiceConnection: sonarqube-audit-go

.azuredevops/pull_request_template.md

@@ -6,6 +6,6 @@
 
 [Describe how the change was tested if it needs explanation]
 
-Security-concept-update-needed: false.
+Security-concept-update-needed: true/false.
 
-JIRA Work Item: [STACKITRMA-XXX](https://jira.schwarz/browse/STACKITRMA-XXX)
+JIRA Work Item: STACKITALO-xxx

.azuredevops/release-pipeline.yml

@@ -1,7 +1,7 @@
 trigger: none
 
 pool:
-  vmImage: 'ubuntu-24.04'
+  vmImage: 'ubuntu-latest'
 
 parameters:
   - name: releaseType

.golangci.yml

@@ -1,287 +1,272 @@
-version: "2"
+linters-settings:
-run:
+  errcheck:
-  issues-exit-code: 1
+    # report about not checking of errors in type assetions: `a := b.(MyStruct)`;
-  tests: true
+    # default is false: such cases aren't reported by default.
+    check-type-assertions: true
+
+    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
+    # default is false: such cases aren't reported by default.
+    check-blank: true
+  exhaustive:
+    # Presence of "default" case in switch statements satisfies exhaustiveness,
+    # even if all enum members are not listed.
+    default-signifies-exhaustive: true
+  funlen:
+    lines: 100
+    statements: 50
+  gocyclo:
+    min-complexity: 45
+  gocognit:
+    min-complexity: 45
+  dupl:
+    threshold: 150
+  goconst:
+    min-len: 3
+    min-occurrences: 5
+  govet:
+    enable-all: true
+    disable:
+      - fieldalignment
+  lll:
+    line-length: 180
+    tab-width: 1
+  cyclop:
+    # the maximal code complexity to report
+    max-complexity: 45
+    # the maximal average package complexity. If it's higher than 0.0 (float) the check is enabled (default 0.0)
+    package-average: 0.0
+  unused:
+    # treat code as a program (not a library) and report unused exported identifiers; default is false.
+    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+  unparam:
+    # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
+    # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+  nakedret:
+    # make an issue if func has more lines of code than this setting and it has naked returns; default is 30
+    max-func-lines: 5
+  prealloc:
+    # XXX: we don't recommend using this linter before doing performance profiling.
+    # For most programs usage of prealloc will be a premature optimization.
+
+    # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them.
+    # True by default.
+    simple: true
+    range-loops: true # Report preallocation suggestions on range loops, true by default
+    for-loops: true # Report preallocation suggestions on for loops, false by default
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - octalLiteral
+      - unnamedResult
+    # Settings passed to gocritic.
+    # The settings key is the name of a supported gocritic checker.
+    # The list of supported checkers can be find in https://go-critic.github.io/overview.
+    settings:
+      hugeParam:
+        # Size in bytes that makes the warning trigger.
+        # Default: 80
+        sizeThreshold: 121
+  dogsled:
+    # checks assignments with too many blank identifiers; default is 2
+    max-blank-identifiers: 2
+  whitespace:
+    multi-if: false # Enforces newlines (or comments) after every multi-line if statement
+    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
+  gomoddirectives:
+    # List of allowed `replace` directives. Default is empty.
+    # Add your allowed `replace` targets here, this rule is so you don't accidentally commit replacements you added for testing
+    replace-allow-list: []
+  nolintlint:
+    allow-leading-space: false # require machine-readable nolint directives (i.e. with no leading space)
+    allow-unused: false # report any unused nolint directives
+    require-explanation: true # require an explanation for nolint directives
+    require-specific: true # require nolint directives to be specific about which linter is being skipped
+  nlreturn:
+    # Size of the block (including return statement that is still "OK")
+    # so no return split required.
+    block-size: 5
+  stylecheck:
+    initialisms: ["ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA", "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", "UDP", "UI", "GID", "UID", "UUID", "URI", "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", "XSS", "SIP", "RTP", "AMQP", "DB", "TS"]
+  revive:
+    rules:
+      - name: context-keys-type
+        disabled: false
+      - name: time-naming
+        disabled: false
+      - name: var-declaration
+        disabled: false
+      - name: unexported-return
+        disabled: false
+      - name: errorf
+        disabled: false
+      - name: blank-imports
+        disabled: false
+      - name: context-as-argument
+        disabled: false
+      - name: dot-imports
+        disabled: false
+      - name: error-return
+        disabled: false
+      - name: error-strings
+        disabled: false
+      - name: error-naming
+        disabled: false
+      - name: exported
+        disabled: false
+      - name: increment-decrement
+        disabled: false
+      - name: var-naming
+        disabled: true
+      - name: package-comments
+        disabled: false
+      - name: range
+        disabled: false
+      - name: receiver-naming
+        disabled: false
+      - name: indent-error-flow
+        disabled: false
+  nestif:
+    min-complexity: 10
+
 linters:
-  default: none
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
   enable:
-    - asciicheck
-    - bodyclose
-    - copyloopvar
-    - cyclop
     - dogsled
     - dupl
-    - durationcheck
+    - copyloopvar
-    - errcheck
-    - errorlint
     - exhaustive
-    - forbidigo
-    - forcetypeassert
-    - gochecknoglobals
     - gochecknoinits
-    - gocognit
     - goconst
     - gocritic
     - gocyclo
-    - gomoddirectives
-    - gomodguard
     - goprintffuncname
     - gosec
     - govet
-    - importas
     - ineffassign
     - lll
-    - makezero
+    - gosimple
     - misspell
     - nakedret
+    - nolintlint
+    - revive
+    - staticcheck
+    - typecheck
+    - unconvert
+    - unused
+    - gochecknoglobals
+    - prealloc
+    - asciicheck
     - nestif
+    - bodyclose
+    - cyclop
+    - durationcheck
+    - errcheck
+    - errorlint
+    - forbidigo
+    - forcetypeassert
+    - gocognit
+    - gomoddirectives
+    - gomodguard
+    - importas
+    - makezero
     - nilerr
     - noctx
-    - nolintlint
-    - prealloc
     - predeclared
     - promlinter
-    - revive
     - rowserrcheck
     - sqlclosecheck
-    - staticcheck
     - tparallel
-    - unconvert
     - unparam
-    - unused
     - wastedassign
-  settings:
+
-    cyclop:
-      max-complexity: 45
-      package-average: 0
-    dogsled:
-      max-blank-identifiers: 2
-    dupl:
-      threshold: 150
-    errcheck:
-      check-type-assertions: true
-      check-blank: true
-    exhaustive:
-      default-signifies-exhaustive: true
-    funlen:
-      lines: 100
-      statements: 50
-    gocognit:
-      min-complexity: 45
-    goconst:
-      min-len: 3
-      min-occurrences: 5
-    gocritic:
-      disabled-checks:
-        - dupImport
-        - octalLiteral
-        - unnamedResult
-      enabled-tags:
-        - diagnostic
-        - experimental
-        - opinionated
-        - performance
-        - style
-      settings:
-        hugeParam:
-          sizeThreshold: 121
-    gocyclo:
-      min-complexity: 45
-    govet:
-      disable:
-        - fieldalignment
-      enable-all: true
-    lll:
-      line-length: 180
-      tab-width: 1
-    nakedret:
-      max-func-lines: 5
-    nestif:
-      min-complexity: 10
-    nlreturn:
-      block-size: 5
-    nolintlint:
-      require-explanation: true
-      require-specific: true
-      allow-unused: false
-    prealloc:
-      simple: true
-      range-loops: true
-      for-loops: true
-    revive:
-      rules:
-        - name: context-keys-type
-          disabled: false
-        - name: time-naming
-          disabled: false
-        - name: var-declaration
-          disabled: false
-        - name: unexported-return
-          disabled: false
-        - name: errorf
-          disabled: false
-        - name: blank-imports
-          disabled: false
-        - name: context-as-argument
-          disabled: false
-        - name: dot-imports
-          disabled: false
-        - name: error-return
-          disabled: false
-        - name: error-strings
-          disabled: false
-        - name: error-naming
-          disabled: false
-        - name: exported
-          disabled: false
-        - name: increment-decrement
-          disabled: false
-        - name: var-naming
-          disabled: true
-        - name: package-comments
-          disabled: false
-        - name: range
-          disabled: false
-        - name: receiver-naming
-          disabled: false
-        - name: indent-error-flow
-          disabled: false
-    staticcheck:
-      initialisms:
-        - ACL
-        - API
-        - ASCII
-        - CPU
-        - CSS
-        - DNS
-        - EOF
-        - GUID
-        - HTML
-        - HTTP
-        - HTTPS
-        - ID
-        - IP
-        - JSON
-        - QPS
-        - RAM
-        - RPC
-        - SLA
-        - SMTP
-        - SQL
-        - SSH
-        - TCP
-        - TLS
-        - TTL
-        - UDP
-        - UI
-        - GID
-        - UID
-        - UUID
-        - URI
-        - URL
-        - UTF8
-        - VM
-        - XML
-        - XMPP
-        - XSRF
-        - XSS
-        - SIP
-        - RTP
-        - AMQP
-        - DB
-        - TS
-    unparam:
-      check-exported: false
-    unused:
-      exported-fields-are-used: false
-    whitespace:
-      multi-if: false
-      multi-func: false
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    rules:
-      - path: internal/audit/api/api_common.go
-        text: context-as-argument
-      - linters:
-          - gochecknoglobals
-        path: pkg/audit/common/api.go|pkg/log/log.go|internal/telemetry/telemetry.go
-      - linters:
-          - dupl
-        path: pkg/audit/api/api_.*.go
-      - path: internal/audit/api/model_test.go|internal/audit/api/model.go
-        text: G115
-      - linters:
-          - gosec
-        path: internal/audit/api/test_data.go
-      - linters:
-          - dogsled
-          - dupl
-          - errcheck
-          - forbidigo
-          - forcetypeassert
-          - gochecknoglobals
-          - gocognit
-          - goconst
-          - gocritic
-          - ineffassign
-          - lll
-          - nakedret
-          - nestif
-          - nlreturn
-          - noctx
-          - revive
-          - staticcheck
-          - unconvert
-          - unparam
-          - wastedassign
-          - wsl
-        path: _test\.go
-      - linters:
-          - govet
-        text: declaration of "err" shadows declaration
-      - linters:
-          - dogsled
-          - dupl
-          - errcheck
-          - forbidigo
-          - forcetypeassert
-          - gochecknoglobals
-          - gocognit
-          - goconst
-          - gocritic
-          - ineffassign
-          - lll
-          - nakedret
-          - nestif
-          - nlreturn
-          - noctx
-          - revive
-          - staticcheck
-          - unconvert
-          - unparam
-          - wastedassign
-          - wsl
-        path: test_.*\.go|pkg/messaging/test/solace.go
-      - linters:
-          - prealloc
-        path: internal/messaging/amqp_connection_pool_test.go
-        text: Consider preallocating connections with capacity 5
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
 issues:
-  max-issues-per-linter: 0
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - path: audit/api/api_common.go
+      text: 'context-as-argument'
+    - path: audit/api/api.go|log/log.go|audit/api/model.go|telemetry/telemetry.go
+      linters:
+        - gochecknoglobals
+    - path: audit/api/api_.*.go
+      linters:
+        - dupl
+    - path: audit/api/model.go
+      text: 'exported: type name will be used as api.ApiRequest by other packages'
+    - path: audit/api/model_test.go|audit/api/model.go
+      text: 'G115'
+    - path: audit/api/test_data.go
+      linters:
+        - gosec
+    - path: _test\.go
+      linters:
+        - gochecknoglobals
+        - noctx
+        - forcetypeassert
+        - dogsled
+        - goconst
+        - unparam
+        - dupl
+        - errcheck
+        - forbidigo
+        - lll
+        - gocritic
+        - nestif
+        - revive
+        - gocognit
+        - unconvert
+        - unparam
+        - wsl
+        - gosimple
+        - ineffassign
+        - nakedret
+        - nlreturn
+        - staticcheck
+        - wastedassign
+    - text: 'declaration of "err" shadows declaration'
+      linters:
+        - govet
+    - path: test_.*\.go|audit/messaging/solace.go
+      linters:
+        - gochecknoglobals
+        - noctx
+        - forcetypeassert
+        - dogsled
+        - goconst
+        - unparam
+        - dupl
+        - errcheck
+        - forbidigo
+        - lll
+        - gocritic
+        - nestif
+        - revive
+        - gocognit
+        - unconvert
+        - unparam
+        - wsl
+        - gosimple
+        - ineffassign
+        - nakedret
+        - nlreturn
+        - staticcheck
+        - wastedassign
   max-same-issues: 0
-formatters:
+  max-issues-per-linter: 0
-  exclusions:
+run:
-    generated: lax
+  timeout: 10m
-    paths:
+  issues-exit-code: 1
-      - third_party$
+  tests: true
-      - builtin$
-      - examples$

Makefile

@@ -1,82 +0,0 @@
-SHELL = /bin/bash -euo pipefail
-PWD = $(shell pwd)
-export PATH := $(PWD)/bin:$(PATH)
-
-# constants
-GOLANGCI_VERSION = 2.8.0
-
-all: download build ## Initializes all tools and files
-all/ci: ado-git-setup all
-
-out:
-	@mkdir -pv "$(@)"
-
-build: out ## do nothing
-
-.PHONY: build/%
-build/%: out ## do nothing
-
-download:
-	@go mod download
-
-fmt:
-	@go fmt ./...
-
-GOLANGCI_LINT = bin/golangci-lint-$(GOLANGCI_VERSION)
-$(GOLANGCI_LINT):
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b bin v$(GOLANGCI_VERSION)
-	@mv bin/golangci-lint "$(@)"
-
-lint: fmt $(GOLANGCI_LINT) download ## Lints all code with golangci-lint
-	@$(GOLANGCI_LINT) run
-
-lint/fix: fmt $(GOLANGCI_LINT) download ## Fixes automatically fixable things like imports for the defined lint rules
-	@$(GOLANGCI_LINT) run --fix
-
-lint/reports: fmt $(GOLANGCI_LINT) download ## Fixes automatically fixable things like imports for the defined lint rules
-	@$(GOLANGCI_LINT) run ./... --output.checkstyle.path stdout | awk '!/0 issues./' > out/lint.xml
-
-test-clean:
-	@go clean -testcache
-
-tidy:
-	@go mod tidy
-
-test:
-	@go test ./...
-
-coverage: out/report.json ## Displays coverage per func on cli
-	go tool cover -func=out/cover.out
-
-html-coverage: out/report.json ## Displays the coverage results in the browser
-	go tool cover -html=out/cover.out
-
-test-reports: out/report.json
-
-.PHONY: out/report.json
-out/report.json: out
-	go test -v $$(go list ./... | grep -v '/tests') -tags=unit -coverprofile=out/cover.out -json | tee "$(@)"
-
-clean:
-	@rm -rf bin out
-
-.PHONY: ado-git-setup
-ado-git-setup:
-    # Add "dev.azure.com/schwarzit" to GOPRIVATE if not present
-	@priv="$$(go env GOPRIVATE)"; \
-	[[ "$$priv" =~ '(^|,)dev\.azure\.com(/|,|$)' ]] || go env -w "GOPRIVATE=$${priv:+$$priv,}dev.azure.com/schwarzit"
-    # Configure HTTPS (with PAT) or SSH access to Go import paths
-	@if [[ -n "$${ADO_PAT:+x}" ]]; then \
-		git config --global "url.https://schwarzit:$${ADO_PAT}@dev.azure.com/schwarzit/.insteadof" 'https://dev.azure.com/schwarzit/'; \
-	else \
-		git config --global 'url.git@ssh.dev.azure.com:v3/schwarzit.insteadOf' 'https://dev.azure.com/schwarzit'; \
-	fi
-
-help:
-	@echo 'Usage: make <OPTIONS> ... <TARGETS>'
-	@echo ''
-	@echo 'Available targets are:'
-	@echo ''
-	@grep -E '^[ a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
-	awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-	@echo ''

README.md

@@ -1,35 +1,3 @@
-> ## DEPRECATION NOTICE  
-> 
-> ### Discontinuation of the current audit log system
->
-> The audit log system provided to date will be discontinued in its current form. 
-> This decision was made to pave the way for a new, more powerful audit log system that 
-> will be provided in the future. The new system offers extended functionalities and 
-> improved integration options, particularly with regard to the use and analysis of 
-> audit data by our customers.  
->   
-> ### What does it mean?
-> The existing audit log system will be supported until the new system is generally 
-> available to customers on Mai 1, 2026.  
-> **Services that are already sending audit log events to the existing audit log 
-> system must continue to do so until the new system is GA** and further information 
-> about the shutdown process is provided.  
-> **Large volumes of new audit event types must not be sent to the existing audit log
-> system.**  
->
-> STACKIT services should start migrating to the new system now by sending data to 
-> the new system (**in parallel**).  
-> **The new audit log system may drop and does not guarantee to store events until 
-> it will be GA**.  
-> Further information on the changeover and how to use the new system can be found in the
-> [developer docs](https://developers.stackit.schwarz/domains/central-services/telemetry-router/integration/).  
-> 
-> We are confident that the new audit log system will make an important contribution to 
-> improving the transparency, traceability, and integration for our customers. 
-> If you have any questions or need assistance, the 
-> [STACKIT Telemetry Hub](https://chat.google.com/room/AAQAf9NsX6M?cls=7) team will be 
-> happy to help.  
-
 ## audit-go
 
 The audit-go library is the core library for validation and sending of audit events.
@@ -64,7 +32,13 @@ The code can be found in the [api_routable.go](./api_routable.go) and
 ### Development
 
 #### Go
-The current minimum Go version is **go1.24.0**.
+The current minimum toolchain version is **go1.23**.  
+The toolchain version can be set as environment variable (either manually in the terminal
+or in the ~/.basrc or ~/.zshrc):
+
+```shell
+export GOTOOLCHAIN=go1.23.0
+```
 
 #### Linter
 
@@ -72,7 +46,7 @@ The linter *golangci-lint* can either be installed via package manager (e.g. bre
 by running the following command in the terminal:
 
 ```shell
-curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.8.0
+curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.7
 ```
 
 #### Schema Generation
@@ -87,9 +61,9 @@ Buf and the required plugins can either be installed via package manager (e.g. b
 or manually by running:
 
 ```shell
-go install github.com/bufbuild/buf/cmd/buf@v1.63.0              #Pipeline: bufVersion
+go install github.com/bufbuild/buf/cmd/buf@v1.50.1              #Pipeline: bufVersion
-go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.11 #Pipeline: protobufVersion,         go.mod: buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go 
+go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.5 #Pipeline: protobufVersion,         go.mod: buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go 
-go install github.com/envoyproxy/protoc-gen-validate@v1.3.0     #Pipeline: protobufValidateVersion, go.mod: google.golang.org/protobuf
+go install github.com/envoyproxy/protoc-gen-validate@v1.2.1     #Pipeline: protobufValidateVersion, go.mod: google.golang.org/protobuf
 ```
 
 Please check that the versions above match the versions in the *go.mod* file

audit/api/api.go

@@ -1,23 +1,16 @@
-package common
+package api
 
 import (
 	"context"
-	"regexp"
 	"time"
 
-	"buf.build/go/protovalidate"
 	"github.com/google/uuid"
-	"google.golang.org/protobuf/proto"
 
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+
+	"google.golang.org/protobuf/proto"
 )
 
-// ContentTypeCloudEventsProtobuf the cloudevents protobuf content-type sent in metadata of messages
-const ContentTypeCloudEventsProtobuf = "application/cloudevents+protobuf"
-const ContentTypeCloudEventsJson = "application/cloudevents+json; charset=UTF-8"
-
-var TopicNamePattern = regexp.MustCompile(`^topic://stackit-platform/t/swz/audit-log/(?:conway|eu01|eu02|sx-stoi01)/[Vv][1-9](?:\.\d)?/[A-Za-z0-9-]+/[A-Za-z0-9-/]+`)
-
 type EventType string
 
 const (
@@ -149,7 +142,7 @@ type AuditApi interface {
 // ProtobufValidator is an abstraction for validators.
 // Concrete implementations are e.g. protovalidate.Validator
 type ProtobufValidator interface {
-	Validate(msg proto.Message, options ...protovalidate.ValidationOption) error
+	Validate(msg proto.Message) error
 }
 
 // CloudEvent is a representation of a cloudevents.io object.
@@ -224,17 +217,6 @@ type TopicNameResolver interface {
 	Resolve(routableIdentifier *RoutableIdentifier) (string, error)
 }
 
-// StaticTopicNameTestResolver implements TopicNameResolver.
-// A hard-coded topic name is used, routable identifiers are ignored.
-type StaticTopicNameTestResolver struct {
-	TopicName string
-}
-
-// Resolve implements TopicNameResolver.Resolve
-func (r *StaticTopicNameTestResolver) Resolve(*RoutableIdentifier) (string, error) {
-	return r.TopicName, nil
-}
-
 type RoutableIdentifier struct {
 	Identifier string
 	Type       ObjectType

audit/api/api_common.go

@@ -2,27 +2,72 @@ package api
 
 import (
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/telemetry"
 	"errors"
 	"fmt"
-	"regexp"
 	"strings"
 
 	"github.com/google/uuid"
-	"google.golang.org/protobuf/proto"
 
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalTelemetry "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/telemetry"
+
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"google.golang.org/protobuf/proto"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
 )
 
-var TopicNamePattern = regexp.MustCompile(`^topic://stackit-platform/t/swz/audit-log/(?:conway|eu01|eu02|sx-stoi01)/[Vv][1-9](?:\.\d)?/[A-Za-z0-9-]+/[A-Za-z0-9-/]+`)
+// ContentTypeCloudEventsProtobuf the cloudevents protobuf content-type sent in metadata of messages
+const ContentTypeCloudEventsProtobuf = "application/cloudevents+protobuf"
+const ContentTypeCloudEventsJson = "application/cloudevents+json; charset=UTF-8"
 
-func ValidateAndSerializePartially(
+// ErrAttributeIdentifierInvalid indicates that the object identifier
-	validator pkgAuditCommon.ProtobufValidator,
+// and the identifier in the checked attribute do not match
+var ErrAttributeIdentifierInvalid = errors.New("attribute identifier invalid")
+
+// ErrAttributeTypeInvalid indicates that an invalid type has been provided.
+var ErrAttributeTypeInvalid = errors.New("attribute type invalid")
+
+// ErrCloudEventNil states that the given cloud event is nil
+var ErrCloudEventNil = errors.New("cloud event nil")
+
+// ErrEventNil indicates that the event was nil
+var ErrEventNil = errors.New("event is nil")
+
+// ErrInvalidRoutableIdentifierForSystemEvent states that the routable identifier is not valid for a system event
+var ErrInvalidRoutableIdentifierForSystemEvent = errors.New("invalid identifier for system event")
+
+// ErrMessagingApiNil states that the messaging api is nil
+var ErrMessagingApiNil = errors.New("messaging api nil")
+
+// ErrObjectIdentifierNil indicates that the object identifier was nil
+var ErrObjectIdentifierNil = errors.New("object identifier is nil")
+
+// ErrObjectIdentifierVisibilityMismatch indicates that a reference mismatch was detected.
+//
+//	Valid combinations are:
+//	* Visibility: Public, ObjectIdentifier: <type>
+//	* Visibility: Private, ObjectIdentifier: <type | system>
+var ErrObjectIdentifierVisibilityMismatch = errors.New("object reference visibility mismatch")
+
+// ErrTopicNameResolverNil states that the topic name resolve is nil
+var ErrTopicNameResolverNil = errors.New("topic name resolver nil")
+
+// ErrUnknownObjectType indicates that the given input is an unknown object type
+var ErrUnknownObjectType = errors.New("unknown object type")
+
+// ErrUnsupportedEventTypeDataAccess states that the event type "data-access" is currently not supported
+var ErrUnsupportedEventTypeDataAccess = errors.New("unsupported event type data access")
+
+// ErrUnsupportedObjectIdentifierType indicates that an unsupported object identifier type has been provided
+var ErrUnsupportedObjectIdentifierType = errors.New("unsupported object identifier type")
+
+// ErrUnsupportedRoutableType indicates that the given input is an unsupported routable type
+var ErrUnsupportedRoutableType = errors.New("unsupported routable type")
+
+func validateAndSerializePartially(
+	validator ProtobufValidator,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) (*auditV1.RoutableAuditEvent, error) {
 
 	// Check preconditions
@@ -41,10 +86,10 @@ func ValidateAndSerializePartially(
 }
 
 func newValidatedRoutableAuditEvent(
-	validator pkgAuditCommon.ProtobufValidator,
+	validator ProtobufValidator,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier) (*auditV1.RoutableAuditEvent, error) {
+	routableIdentifier *RoutableIdentifier) (*auditV1.RoutableAuditEvent, error) {
 
 	// Test serialization even if the data is dropped later when logging to the legacy solution
 	auditEventBytes, err := proto.Marshal(event)
@@ -72,18 +117,18 @@ func newValidatedRoutableAuditEvent(
 }
 
 func validateAuditLogEntry(
-	validator pkgAuditCommon.ProtobufValidator,
+	validator ProtobufValidator,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) error {
 
 	// Return error if the given event or object identifier is nil
 	if event == nil {
-		return pkgAuditCommon.ErrEventNil
+		return ErrEventNil
 	}
 	if routableIdentifier == nil {
-		return pkgAuditCommon.ErrObjectIdentifierNil
+		return ErrObjectIdentifierNil
 	}
 
 	// Validate the actual event
@@ -94,21 +139,21 @@ func validateAuditLogEntry(
 
 	// Ensure that a valid object identifier is set if the event is public
 	if isSystemIdentifier(routableIdentifier) && visibility == auditV1.Visibility_VISIBILITY_PUBLIC {
-		return pkgAuditCommon.ErrObjectIdentifierVisibilityMismatch
+		return ErrObjectIdentifierVisibilityMismatch
 	}
 
 	// Check that provided identifier type is supported
 	if err := routableIdentifier.Type.IsSupportedType(); err != nil {
-		if errors.Is(err, pkgAuditCommon.ErrUnknownObjectType) {
+		if errors.Is(err, ErrUnknownObjectType) {
-			return pkgAuditCommon.ErrUnsupportedRoutableType
+			return ErrUnsupportedRoutableType
 		}
 		return err
 	}
 
 	// Check identifier consistency across event attributes
-	if strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeSystemEvent)) {
+	if strings.HasSuffix(event.LogName, string(EventTypeSystemEvent)) {
-		if routableIdentifier.Identifier != pkgAuditCommon.SystemIdentifier.Identifier || routableIdentifier.Type != pkgAuditCommon.ObjectTypeSystem {
+		if !(routableIdentifier.Identifier == SystemIdentifier.Identifier && routableIdentifier.Type == ObjectTypeSystem) {
-			return pkgAuditCommon.ErrInvalidRoutableIdentifierForSystemEvent
+			return ErrInvalidRoutableIdentifierForSystemEvent
 		}
 		// The resource name can either contain the system identifier or another resource identifier
 	} else {
@@ -123,32 +168,32 @@ func validateAuditLogEntry(
 }
 
 // Send implements AuditApi.Send
-func Send(
+func send(
-	topicNameResolver pkgAuditCommon.TopicNameResolver,
+	topicNameResolver TopicNameResolver,
-	messagingApi pkgMessagingApi.Api,
+	messagingApi messaging.Api,
 	ctx context.Context,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-	cloudEvent *pkgAuditCommon.CloudEvent,
+	cloudEvent *CloudEvent,
 ) error {
 
 	// Check that given objects are not nil
 	if topicNameResolver == nil {
-		return pkgAuditCommon.ErrTopicNameResolverNil
+		return ErrTopicNameResolverNil
 	}
 	if messagingApi == nil {
-		return pkgAuditCommon.ErrMessagingApiNil
+		return ErrMessagingApiNil
 	}
 	if cloudEvent == nil {
-		return pkgAuditCommon.ErrCloudEventNil
+		return ErrCloudEventNil
 	}
 	if routableIdentifier == nil {
-		return pkgAuditCommon.ErrObjectIdentifierNil
+		return ErrObjectIdentifierNil
 	}
 
 	// Check that provided identifier type is supported
 	if err := routableIdentifier.Type.IsSupportedType(); err != nil {
-		if errors.Is(err, pkgAuditCommon.ErrUnknownObjectType) {
+		if errors.Is(err, ErrUnknownObjectType) {
-			return pkgAuditCommon.ErrUnsupportedRoutableType
+			return ErrUnsupportedRoutableType
 		}
 		return err
 	}
@@ -177,15 +222,15 @@ func Send(
 
 	// Telemetry
 	applicationAttributes["cloudEvents:sdklanguage"] = "go"
-	auditGoVersion := internalTelemetry.AuditGoVersion
+	auditGoVersion := telemetry.AuditGoVersion
 	if auditGoVersion != "" {
 		applicationAttributes["cloudEvents:sdkversion"] = auditGoVersion
 	}
-	auditGoGrpcVersion := internalTelemetry.AuditGoGrpcVersion
+	auditGoGrpcVersion := telemetry.AuditGoGrpcVersion
 	if auditGoGrpcVersion != "" {
 		applicationAttributes["cloudEvents:sdkgrpcversion"] = auditGoGrpcVersion
 	}
-	auditGoHttpVersion := internalTelemetry.AuditGoHttpVersion
+	auditGoHttpVersion := telemetry.AuditGoHttpVersion
 	if auditGoHttpVersion != "" {
 		applicationAttributes["cloudEvents:sdkhttpversion"] = auditGoHttpVersion
 	}
@@ -198,16 +243,16 @@ func Send(
 		applicationAttributes)
 }
 
-func isSystemIdentifier(identifier *pkgAuditCommon.RoutableIdentifier) bool {
+func isSystemIdentifier(identifier *RoutableIdentifier) bool {
-	if identifier.Identifier == uuid.Nil.String() && identifier.Type == pkgAuditCommon.ObjectTypeSystem {
+	if identifier.Identifier == uuid.Nil.String() && identifier.Type == ObjectTypeSystem {
 		return true
 	}
 	return false
 }
 
-func areIdentifiersIdentical(routableIdentifier *pkgAuditCommon.RoutableIdentifier, logName string) error {
+func areIdentifiersIdentical(routableIdentifier *RoutableIdentifier, logName string) error {
 	dataType, identifier := getTypeAndIdentifierFromString(logName)
-	objectType := pkgAuditCommon.ObjectTypeFromPluralString(dataType)
+	objectType := ObjectTypeFromPluralString(dataType)
 	err := objectType.IsSupportedType()
 	if err != nil {
 		return err
@@ -215,12 +260,12 @@ func areIdentifiersIdentical(routableIdentifier *pkgAuditCommon.RoutableIdentifi
 	return areTypeAndIdentifierIdentical(routableIdentifier, objectType, identifier)
 }
 
-func areTypeAndIdentifierIdentical(routableIdentifier *pkgAuditCommon.RoutableIdentifier, dataType pkgAuditCommon.ObjectType, identifier string) error {
+func areTypeAndIdentifierIdentical(routableIdentifier *RoutableIdentifier, dataType ObjectType, identifier string) error {
 	if routableIdentifier.Identifier != identifier {
-		return pkgAuditCommon.ErrAttributeIdentifierInvalid
+		return ErrAttributeIdentifierInvalid
 	}
 	if routableIdentifier.Type != dataType {
-		return pkgAuditCommon.ErrAttributeTypeInvalid
+		return ErrAttributeTypeInvalid
 	}
 	return nil
 }

audit/api/api_common_test.go

@@ -0,0 +1,423 @@
+package api
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+
+	"github.com/bufbuild/protovalidate-go"
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"google.golang.org/protobuf/proto"
+)
+
+type MessagingApiMock struct {
+	mock.Mock
+}
+
+func (m *MessagingApiMock) Send(
+	ctx context.Context,
+	topic string,
+	data []byte,
+	contentType string,
+	applicationProperties map[string]any,
+) error {
+
+	args := m.Called(ctx, topic, data, contentType, applicationProperties)
+	return args.Error(0)
+}
+
+func (m *MessagingApiMock) Close(_ context.Context) error {
+	return nil
+}
+
+type ProtobufValidatorMock struct {
+	mock.Mock
+}
+
+func (m *ProtobufValidatorMock) Validate(msg proto.Message) error {
+	args := m.Called(msg)
+	return args.Error(0)
+}
+
+type TopicNameResolverMock struct {
+	mock.Mock
+}
+
+func (m *TopicNameResolverMock) Resolve(routableIdentifier *RoutableIdentifier) (string, error) {
+	args := m.Called(routableIdentifier)
+	return args.String(0), args.Error(1)
+}
+
+func NewValidator(t *testing.T) ProtobufValidator {
+	validator, err := protovalidate.New()
+	var protoValidator ProtobufValidator = validator
+	assert.NoError(t, err)
+
+	return protoValidator
+}
+
+func Test_ValidateAndSerializePartially_EventNil(t *testing.T) {
+	validator := NewValidator(t)
+
+	_, err := validateAndSerializePartially(
+		validator, nil, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
+
+	assert.ErrorIs(t, err, ErrEventNil)
+}
+
+func Test_ValidateAndSerializePartially_AuditEventValidationFailed(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newOrganizationAuditEvent(nil)
+	event.LogName = ""
+
+	_, err := validateAndSerializePartially(
+		validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+	assert.EqualError(t, err, "validation error:\n - log_name: value is required [required]")
+}
+
+func Test_ValidateAndSerializePartially_RoutableEventValidationFailed(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newOrganizationAuditEvent(nil)
+	_, err := validateAndSerializePartially(validator, event, 3, NewRoutableIdentifier(objectIdentifier))
+
+	assert.EqualError(t, err, "validation error:\n - visibility: value must be one of the defined enum values [enum.defined_only]")
+}
+
+func Test_ValidateAndSerializePartially_CheckVisibility_Event(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newOrganizationAuditEvent(nil)
+
+	t.Run("Visibility public - object identifier nil", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierNil)
+	})
+
+	t.Run("Visibility private - object identifier nil", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, nil)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierNil)
+	})
+
+	t.Run("Visibility public - object identifier system", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierVisibilityMismatch)
+	})
+
+	t.Run("Visibility public - object identifier set", func(t *testing.T) {
+		routableEvent, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+		assert.NoError(t, err)
+		assert.NotNil(t, routableEvent)
+	})
+
+	t.Run("Visibility private - object identifier system", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, RoutableSystemIdentifier)
+
+		assert.ErrorIs(t, err, ErrAttributeIdentifierInvalid)
+	})
+
+	t.Run("Visibility private - object identifier set", func(t *testing.T) {
+		routableEvent, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, NewRoutableIdentifier(objectIdentifier))
+
+		assert.NoError(t, err)
+		assert.NotNil(t, routableEvent)
+	})
+}
+
+func Test_ValidateAndSerializePartially_CheckVisibility_SystemEvent(t *testing.T) {
+	validator := NewValidator(t)
+
+	event := newSystemAuditEvent(nil)
+
+	t.Run("Visibility public - object identifier nil", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierNil)
+	})
+
+	t.Run("Visibility private - object identifier  nil", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, nil)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierNil)
+	})
+
+	t.Run("Visibility public - object identifier system", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
+
+		assert.ErrorIs(t, err, ErrObjectIdentifierVisibilityMismatch)
+	})
+
+	t.Run("Visibility public - object identifier set", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(
+				&auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(ObjectTypeOrganization)}))
+
+		assert.ErrorIs(t, err, ErrInvalidRoutableIdentifierForSystemEvent)
+	})
+
+	t.Run("Visibility private - object identifier system", func(t *testing.T) {
+		routableEvent, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, RoutableSystemIdentifier)
+
+		assert.NoError(t, err)
+		assert.NotNil(t, routableEvent)
+	})
+
+	t.Run("Visibility private - object identifier set", func(t *testing.T) {
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, NewRoutableIdentifier(
+				&auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(ObjectTypeOrganization)}))
+
+		assert.ErrorIs(t, err, ErrInvalidRoutableIdentifierForSystemEvent)
+	})
+}
+
+func Test_ValidateAndSerializePartially_UnsupportedIdentifierType(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newFolderAuditEvent(nil)
+	objectIdentifier.Type = "invalid"
+
+	_, err := validateAndSerializePartially(
+		validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+	assert.ErrorIs(t, err, ErrUnsupportedRoutableType)
+}
+
+func Test_ValidateAndSerializePartially_LogNameIdentifierMismatch(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newFolderAuditEvent(nil)
+	parts := strings.Split(event.LogName, "/")
+	identifier := parts[1]
+
+	t.Run("LogName type mismatch", func(t *testing.T) {
+		event.LogName = fmt.Sprintf("projects/%s/logs/admin-activity", identifier)
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+		assert.ErrorIs(t, err, ErrAttributeTypeInvalid)
+	})
+
+	t.Run("LogName identifier mismatch", func(t *testing.T) {
+		event.LogName = fmt.Sprintf("folders/%s/logs/admin-activity", uuid.NewString())
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+		assert.ErrorIs(t, err, ErrAttributeIdentifierInvalid)
+	})
+}
+
+func Test_ValidateAndSerializePartially_ResourceNameIdentifierMismatch(t *testing.T) {
+	validator := NewValidator(t)
+
+	event, objectIdentifier := newFolderAuditEvent(nil)
+	parts := strings.Split(event.ProtoPayload.ResourceName, "/")
+	identifier := parts[1]
+
+	t.Run("ResourceName type mismatch", func(t *testing.T) {
+		event.ProtoPayload.ResourceName = fmt.Sprintf("projects/%s", identifier)
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+		assert.ErrorIs(t, err, ErrAttributeTypeInvalid)
+	})
+
+	t.Run("ResourceName identifier mismatch", func(t *testing.T) {
+		event.ProtoPayload.ResourceName = fmt.Sprintf("folders/%s", uuid.NewString())
+		_, err := validateAndSerializePartially(
+			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
+
+		assert.ErrorIs(t, err, ErrAttributeIdentifierInvalid)
+	})
+}
+
+func Test_ValidateAndSerializePartially_SystemEvent(t *testing.T) {
+	validator := NewValidator(t)
+
+	event := newSystemAuditEvent(nil)
+
+	routableEvent, err := validateAndSerializePartially(
+		validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, RoutableSystemIdentifier)
+
+	assert.NoError(t, err)
+	assert.Equal(t, event.LogName, fmt.Sprintf("system/%s/logs/%s", SystemIdentifier.Identifier, EventTypeSystemEvent))
+	assert.True(t, proto.Equal(routableEvent.ObjectIdentifier, SystemIdentifier))
+}
+
+func Test_Send_TopicNameResolverNil(t *testing.T) {
+	err := send(nil, nil, context.Background(), nil, nil)
+	assert.ErrorIs(t, err, ErrTopicNameResolverNil)
+}
+
+func Test_Send_TopicNameResolutionError(t *testing.T) {
+	expectedError := errors.New("expected error")
+
+	topicNameResolverMock := TopicNameResolverMock{}
+	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", expectedError)
+	var topicNameResolver TopicNameResolver = &topicNameResolverMock
+
+	var cloudEvent = CloudEvent{}
+
+	var messagingApi messaging.Api = &messaging.AmqpApi{}
+	err := send(topicNameResolver, messagingApi, context.Background(), RoutableSystemIdentifier, &cloudEvent)
+	assert.ErrorIs(t, err, expectedError)
+}
+
+func Test_Send_MessagingApiNil(t *testing.T) {
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: "test"}
+	err := send(topicNameResolver, nil, context.Background(), nil, nil)
+	assert.ErrorIs(t, err, ErrMessagingApiNil)
+}
+
+func Test_Send_CloudEventNil(t *testing.T) {
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: "test"}
+	var messagingApi messaging.Api = &messaging.AmqpApi{}
+
+	err := send(topicNameResolver, messagingApi, context.Background(), nil, nil)
+	assert.ErrorIs(t, err, ErrCloudEventNil)
+}
+
+func Test_Send_ObjectIdentifierNil(t *testing.T) {
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: "test"}
+	var messagingApi messaging.Api = &messaging.AmqpApi{}
+	var cloudEvent = CloudEvent{}
+
+	err := send(topicNameResolver, messagingApi, context.Background(), nil, &cloudEvent)
+	assert.ErrorIs(t, err, ErrObjectIdentifierNil)
+}
+
+func Test_Send_UnsupportedObjectIdentifierType(t *testing.T) {
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: "test"}
+	var messagingApi messaging.Api = &messaging.AmqpApi{}
+	var cloudEvent = CloudEvent{}
+	var objectIdentifier = auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: "unsupported"}
+
+	err := send(topicNameResolver, messagingApi, context.Background(), NewRoutableIdentifier(&objectIdentifier), &cloudEvent)
+	assert.ErrorIs(t, err, ErrUnsupportedRoutableType)
+}
+
+func Test_Send(t *testing.T) {
+	topicNameResolverMock := TopicNameResolverMock{}
+	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
+	var topicNameResolver TopicNameResolver = &topicNameResolverMock
+
+	messagingApiMock := MessagingApiMock{}
+	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	var messagingApi messaging.Api = &messagingApiMock
+
+	var cloudEvent = CloudEvent{}
+	assert.NoError(t, send(topicNameResolver, messagingApi, context.Background(), RoutableSystemIdentifier, &cloudEvent))
+	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
+}
+
+func Test_SendAllHeadersSet(t *testing.T) {
+	topicNameResolverMock := TopicNameResolverMock{}
+	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
+	var topicNameResolver TopicNameResolver = &topicNameResolverMock
+
+	messagingApiMock := MessagingApiMock{}
+	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	var messagingApi messaging.Api = &messagingApiMock
+
+	traceState := "rojo=00f067aa0ba902b7,congo=t61rcWkgMzE"
+	traceParent := "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
+	expectedTime := time.Now()
+	var cloudEvent = CloudEvent{
+		SpecVersion:     "1.0",
+		Source:          "resourcemanager",
+		Id:              "id",
+		Time:            expectedTime,
+		DataContentType: ContentTypeCloudEventsProtobuf,
+		DataType:        "type",
+		Subject:         "subject",
+		TraceParent:     &traceParent,
+		TraceState:      &traceState,
+	}
+	assert.NoError(t, send(topicNameResolver, messagingApi, context.Background(), RoutableSystemIdentifier, &cloudEvent))
+	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
+
+	arguments := messagingApiMock.Calls[0].Arguments
+	topic := arguments.Get(1).(string)
+	assert.Equal(t, "topic", topic)
+
+	contentType := arguments.Get(3).(string)
+	assert.Equal(t, ContentTypeCloudEventsProtobuf, contentType)
+
+	applicationProperties := arguments.Get(4).(map[string]any)
+	assert.Equal(t, "1.0", applicationProperties["cloudEvents:specversion"])
+	assert.Equal(t, "resourcemanager", applicationProperties["cloudEvents:source"])
+	assert.Equal(t, "id", applicationProperties["cloudEvents:id"])
+	assert.Equal(t, expectedTime.UnixMilli(), applicationProperties["cloudEvents:time"])
+	assert.Equal(t, ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
+	assert.Equal(t, "type", applicationProperties["cloudEvents:type"])
+	assert.Equal(t, "subject", applicationProperties["cloudEvents:subject"])
+	assert.Equal(t, traceParent, applicationProperties["cloudEvents:traceparent"])
+	assert.Equal(t, traceState, applicationProperties["cloudEvents:tracestate"])
+	messagingApiMock.AssertExpectations(t)
+}
+
+func Test_SendWithoutOptionalHeadersSet(t *testing.T) {
+	topicNameResolverMock := TopicNameResolverMock{}
+	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
+	var topicNameResolver TopicNameResolver = &topicNameResolverMock
+
+	messagingApiMock := MessagingApiMock{}
+	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	var messagingApi messaging.Api = &messagingApiMock
+
+	expectedTime := time.Now()
+	var cloudEvent = CloudEvent{
+		SpecVersion:     "1.0",
+		Source:          "resourcemanager",
+		Id:              "id",
+		Time:            expectedTime,
+		DataContentType: ContentTypeCloudEventsProtobuf,
+		DataType:        "type",
+		Subject:         "subject",
+	}
+	assert.NoError(t, send(topicNameResolver, messagingApi, context.Background(), RoutableSystemIdentifier, &cloudEvent))
+	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
+
+	arguments := messagingApiMock.Calls[0].Arguments
+	topic := arguments.Get(1).(string)
+	assert.Equal(t, "topic", topic)
+
+	contentType := arguments.Get(3).(string)
+	assert.Equal(t, ContentTypeCloudEventsProtobuf, contentType)
+
+	applicationProperties := arguments.Get(4).(map[string]any)
+	assert.Equal(t, "1.0", applicationProperties["cloudEvents:specversion"])
+	assert.Equal(t, "resourcemanager", applicationProperties["cloudEvents:source"])
+	assert.Equal(t, "id", applicationProperties["cloudEvents:id"])
+	assert.Equal(t, expectedTime.UnixMilli(), applicationProperties["cloudEvents:time"])
+	assert.Equal(t, ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
+	assert.Equal(t, "type", applicationProperties["cloudEvents:type"])
+	assert.Equal(t, "subject", applicationProperties["cloudEvents:subject"])
+	assert.Equal(t, nil, applicationProperties["cloudEvents:traceparent"])
+	assert.Equal(t, nil, applicationProperties["cloudEvents:tracestate"])
+	messagingApiMock.AssertExpectations(t)
+}

audit/api/api_legacy.go

@@ -2,24 +2,31 @@ package api
 
 import (
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
 	"errors"
-	"fmt"
-	"strings"
-
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
-	"google.golang.org/protobuf/proto"
+	"strings"
 
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+	"google.golang.org/protobuf/proto"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
 )
 
 const DataTypeLegacyAuditEventV1 = "audit.v1.LegacyAuditEvent"
 
-// StaticTopicNameConfig provides topic name information required for the topic name resolution.
+// LegacyTopicNameResolver implements TopicNameResolver.
-type StaticTopicNameConfig struct {
+// A hard-coded topic name is used, routing identifiers are ignored.
+type LegacyTopicNameResolver struct {
+	topicName string
+}
+
+// Resolve implements TopicNameResolver.Resolve
+func (r *LegacyTopicNameResolver) Resolve(*RoutableIdentifier) (string, error) {
+	return r.topicName, nil
+}
+
+// LegacyTopicNameConfig provides topic name information required for the topic name resolution.
+type LegacyTopicNameConfig struct {
 	TopicName string
 }
 
@@ -27,39 +34,33 @@ type StaticTopicNameConfig struct {
 //
 // Note: The implementation will be deprecated and replaced with the "routableAuditApi" once the new audit log routing is implemented
 type LegacyAuditApi struct {
-	messagingApi      pkgMessagingApi.Api
+	messagingApi      messaging.Api
-	topicNameResolver pkgAuditCommon.TopicNameResolver
+	topicNameResolver TopicNameResolver
 	tracer            trace.Tracer
-	validator         pkgAuditCommon.ProtobufValidator
+	validator         ProtobufValidator
 }
 
 // NewLegacyAuditApi can be used to initialize the audit log api.
 //
 // Note: The NewLegacyAuditApi method will be deprecated and replaced with "newRoutableAuditApi" once the new audit log routing is implemented
 func NewLegacyAuditApi(
-	messagingApi pkgMessagingApi.Api,
+	messagingApi messaging.Api,
-	topicNameConfig StaticTopicNameConfig,
+	topicNameConfig LegacyTopicNameConfig,
-	validator pkgAuditCommon.ProtobufValidator,
+	validator ProtobufValidator,
-) (pkgAuditCommon.AuditApi, error) {
+) (AuditApi, error) {
 
 	if messagingApi == nil {
-		return nil, pkgAuditCommon.ErrMessagingApiNil
+		return nil, ErrMessagingApiNil
 	}
 
 	// Topic resolver
 	if topicNameConfig.TopicName == "" {
 		return nil, errors.New("topic name is required")
 	}
-	if !pkgAuditCommon.TopicNamePattern.MatchString(topicNameConfig.TopicName) {
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: topicNameConfig.TopicName}
-		return nil, fmt.Errorf("invalid topic name: %s - "+
-			"expected stackit-platform/t/swz/audit-log/{region}/{version}/{eventSource}/{additionalParts} "+
-			"where region is one of [conway, eu01, eu02, sx-stoi01], version is vX.Y, eventSource is the service name "+
-			"and additionalParts is a describing string the audit log relates to or 'events'", topicNameConfig.TopicName)
-	}
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: topicNameConfig.TopicName}
 
 	// Audit api
-	var auditApi pkgAuditCommon.AuditApi = &LegacyAuditApi{
+	var auditApi AuditApi = &LegacyAuditApi{
 		messagingApi:      messagingApi,
 		topicNameResolver: topicNameResolver,
 		tracer:            otel.Tracer("legacy-audit-api"),
@@ -74,7 +75,7 @@ func (a *LegacyAuditApi) Log(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) error {
 
 	cloudEvent, err := a.ValidateAndSerialize(ctx, event, visibility, routableIdentifier)
@@ -91,21 +92,21 @@ func (a *LegacyAuditApi) ValidateAndSerialize(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-) (*pkgAuditCommon.CloudEvent, error) {
+) (*CloudEvent, error) {
 
 	ctx, span := a.tracer.Start(ctx, "validate-and-serialize")
 	defer span.End()
 
-	routableEvent, err := internalAuditApi.ValidateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
+	routableEvent, err := validateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
 	if err != nil {
 		return nil, err
 	}
 
 	// Reject event type data-access as the downstream services
 	// cannot handle it at the moment
-	if strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeDataAccess)) {
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
-		return nil, pkgAuditCommon.ErrUnsupportedEventTypeDataAccess
+		return nil, ErrUnsupportedEventTypeDataAccess
 	}
 
 	// Do nothing with the serialized data in the legacy solution
@@ -115,19 +116,19 @@ func (a *LegacyAuditApi) ValidateAndSerialize(
 	}
 
 	// Convert attributes
-	legacyBytes, err := internalAuditApi.ConvertAndSerializeIntoLegacyFormat(event, routableEvent)
+	legacyBytes, err := convertAndSerializeIntoLegacyFormat(event, routableEvent)
 	if err != nil {
 		return nil, err
 	}
 
-	traceParent, traceState := internalAuditApi.TraceParentAndStateFromContext(ctx)
+	traceParent, traceState := TraceParentAndStateFromContext(ctx)
 
-	message := pkgAuditCommon.CloudEvent{
+	message := CloudEvent{
 		SpecVersion:     "1.0",
 		Source:          event.ProtoPayload.ServiceName,
 		Id:              event.InsertId,
 		Time:            event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(),
-		DataContentType: pkgAuditCommon.ContentTypeCloudEventsJson,
+		DataContentType: ContentTypeCloudEventsJson,
 		DataType:        DataTypeLegacyAuditEventV1,
 		Subject:         event.ProtoPayload.ResourceName,
 		Data:            legacyBytes,
@@ -140,15 +141,15 @@ func (a *LegacyAuditApi) ValidateAndSerialize(
 // Send implements AuditApi.Send
 func (a *LegacyAuditApi) Send(
 	ctx context.Context,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-	cloudEvent *pkgAuditCommon.CloudEvent,
+	cloudEvent *CloudEvent,
 ) error {
 
 	if cloudEvent != nil && cloudEvent.TraceParent != nil && cloudEvent.TraceState != nil {
-		ctx = internalAuditApi.AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
+		ctx = AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
 	}
 	ctx, span := a.tracer.Start(ctx, "send")
 	defer span.End()
 
-	return internalAuditApi.Send(a.topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
+	return send(a.topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
 }

audit/api/api_legacy_converter.go

@@ -8,16 +8,14 @@ import (
 	"strings"
 	"time"
 
-	"google.golang.org/protobuf/encoding/protojson"
-
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"google.golang.org/protobuf/encoding/protojson"
 )
 
 var ErrUnsupportedSeverity = errors.New("unsupported severity level")
 
-// ConvertAndSerializeIntoLegacyFormat converts the protobuf events into the json serialized legacy audit log format
+// convertAndSerializeIntoLegacyFormat converts the protobuf events into the json serialized legacy audit log format
-func ConvertAndSerializeIntoLegacyFormat(
+func convertAndSerializeIntoLegacyFormat(
 	event *auditV1.AuditLogEntry,
 	routableEvent *auditV1.RoutableAuditEvent,
 ) ([]byte, error) {
@@ -25,14 +23,14 @@ func ConvertAndSerializeIntoLegacyFormat(
 	// Event type
 	var eventType string
 	switch {
-	case strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeAdminActivity)):
+	case strings.HasSuffix(event.LogName, string(EventTypeAdminActivity)):
 		eventType = "ADMIN_ACTIVITY"
-	case strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeSystemEvent)):
+	case strings.HasSuffix(event.LogName, string(EventTypeSystemEvent)):
 		eventType = "SYSTEM_EVENT"
-	case strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypePolicyDenied)):
+	case strings.HasSuffix(event.LogName, string(EventTypePolicyDenied)):
 		eventType = "POLICY_DENIED"
-	case strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeDataAccess)):
+	case strings.HasSuffix(event.LogName, string(EventTypeDataAccess)):
-		return nil, pkgAuditCommon.ErrUnsupportedEventTypeDataAccess
+		return nil, ErrUnsupportedEventTypeDataAccess
 	default:
 		return nil, errors.New("unsupported event type")
 	}
@@ -119,34 +117,34 @@ func ConvertAndSerializeIntoLegacyFormat(
 	}
 
 	if routableEvent.ObjectIdentifier == nil {
-		return nil, pkgAuditCommon.ErrObjectIdentifierNil
+		return nil, ErrObjectIdentifierNil
 	}
 
 	// Context and event type
 	var messageContext *LegacyAuditEventContext
 	switch routableEvent.ObjectIdentifier.Type {
-	case string(pkgAuditCommon.ObjectTypeProject):
+	case string(ObjectTypeProject):
 		messageContext = &LegacyAuditEventContext{
 			OrganizationId: nil,
 			FolderId:       nil,
 			ProjectId:      &routableEvent.ObjectIdentifier.Identifier,
 		}
-	case string(pkgAuditCommon.ObjectTypeFolder):
+	case string(ObjectTypeFolder):
 		messageContext = &LegacyAuditEventContext{
 			OrganizationId: nil,
 			FolderId:       &routableEvent.ObjectIdentifier.Identifier,
 			ProjectId:      nil,
 		}
-	case string(pkgAuditCommon.ObjectTypeOrganization):
+	case string(ObjectTypeOrganization):
 		messageContext = &LegacyAuditEventContext{
 			OrganizationId: &routableEvent.ObjectIdentifier.Identifier,
 			FolderId:       nil,
 			ProjectId:      nil,
 		}
-	case string(pkgAuditCommon.ObjectTypeSystem):
+	case string(ObjectTypeSystem):
 		messageContext = nil
 	default:
-		return nil, pkgAuditCommon.ErrUnsupportedObjectIdentifierType
+		return nil, ErrUnsupportedObjectIdentifierType
 	}
 
 	var visibility string
@@ -202,7 +200,7 @@ func ConvertAndSerializeIntoLegacyFormat(
 		UserAgent:       userAgent,
 		Initiator: LegacyAuditEventPrincipal{
 			Id:    event.ProtoPayload.AuthenticationInfo.PrincipalId,
-			Email: event.ProtoPayload.AuthenticationInfo.PrincipalEmail,
+			Email: &event.ProtoPayload.AuthenticationInfo.PrincipalEmail,
 		},
 		ServiceAccountDelegationInfo: serviceAccountDelegationInfo,
 		Request:                      request,

audit/api/api_legacy_converter_test.go

@@ -3,14 +3,12 @@ package api
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"github.com/stretchr/testify/assert"
 )
 
 func Test_ConvertAndSerializeIntoLegacyFormat_NoObjectIdentifier(t *testing.T) {
-	event, _ := NewProjectAuditEvent(nil)
+	event, _ := newProjectAuditEvent(nil)
 	routableEvent := auditV1.RoutableAuditEvent{
 		OperationName:    event.ProtoPayload.OperationName,
 		Visibility:       auditV1.Visibility_VISIBILITY_PUBLIC,
@@ -18,6 +16,6 @@ func Test_ConvertAndSerializeIntoLegacyFormat_NoObjectIdentifier(t *testing.T) {
 		Data:             nil,
 	}
 
-	_, err := ConvertAndSerializeIntoLegacyFormat(event, &routableEvent)
+	_, err := convertAndSerializeIntoLegacyFormat(event, &routableEvent)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
+	assert.ErrorIs(t, err, ErrObjectIdentifierNil)
 }

audit/api/api_legacy_dynamic.go

@@ -4,16 +4,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"strings"
-
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
-	"google.golang.org/protobuf/proto"
+	"strings"
 
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
+
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"google.golang.org/protobuf/proto"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
 )
 
 type ContextKey string
@@ -28,25 +26,25 @@ var ErrTopicNameEmpty = errors.New("empty topic name provided")
 //
 // Note: The implementation will be deprecated and replaced with the "routableAuditApi" once the new audit log routing is implemented
 type DynamicLegacyAuditApi struct {
-	messagingApi pkgMessagingApi.Api
+	messagingApi messaging.Api
 	tracer       trace.Tracer
-	validator    pkgAuditCommon.ProtobufValidator
+	validator    ProtobufValidator
 }
 
 // NewDynamicLegacyAuditApi can be used to initialize the audit log api.
 //
 // Note: The NewLegacyAuditApi method will be deprecated and replaced with "newRoutableAuditApi" once the new audit log routing is implemented
 func NewDynamicLegacyAuditApi(
-	messagingApi pkgMessagingApi.Api,
+	messagingApi messaging.Api,
-	validator pkgAuditCommon.ProtobufValidator,
+	validator ProtobufValidator,
-) (pkgAuditCommon.AuditApi, error) {
+) (AuditApi, error) {
 
 	if messagingApi == nil {
-		return nil, pkgAuditCommon.ErrMessagingApiNil
+		return nil, ErrMessagingApiNil
 	}
 
 	// Audit api
-	var auditApi pkgAuditCommon.AuditApi = &DynamicLegacyAuditApi{
+	var auditApi AuditApi = &DynamicLegacyAuditApi{
 		messagingApi: messagingApi,
 		tracer:       otel.Tracer("dynamic-legacy-audit-api"),
 		validator:    validator,
@@ -60,7 +58,7 @@ func (a *DynamicLegacyAuditApi) Log(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) error {
 
 	cloudEvent, err := a.ValidateAndSerialize(ctx, event, visibility, routableIdentifier)
@@ -77,21 +75,21 @@ func (a *DynamicLegacyAuditApi) ValidateAndSerialize(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-) (*pkgAuditCommon.CloudEvent, error) {
+) (*CloudEvent, error) {
 
 	ctx, span := a.tracer.Start(ctx, "validate-and-serialize")
 	defer span.End()
 
-	routableEvent, err := internalAuditApi.ValidateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
+	routableEvent, err := validateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
 	if err != nil {
 		return nil, err
 	}
 
 	// Reject event type data-access as the downstream services
 	// cannot handle it at the moment
-	if strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeDataAccess)) {
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
-		return nil, pkgAuditCommon.ErrUnsupportedEventTypeDataAccess
+		return nil, ErrUnsupportedEventTypeDataAccess
 	}
 
 	// Do nothing with the serialized data in the legacy solution
@@ -101,19 +99,19 @@ func (a *DynamicLegacyAuditApi) ValidateAndSerialize(
 	}
 
 	// Convert attributes
-	legacyBytes, err := internalAuditApi.ConvertAndSerializeIntoLegacyFormat(event, routableEvent)
+	legacyBytes, err := convertAndSerializeIntoLegacyFormat(event, routableEvent)
 	if err != nil {
 		return nil, err
 	}
 
-	traceParent, traceState := internalAuditApi.TraceParentAndStateFromContext(ctx)
+	traceParent, traceState := TraceParentAndStateFromContext(ctx)
 
-	message := pkgAuditCommon.CloudEvent{
+	message := CloudEvent{
 		SpecVersion:     "1.0",
 		Source:          event.ProtoPayload.ServiceName,
 		Id:              event.InsertId,
 		Time:            event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(),
-		DataContentType: pkgAuditCommon.ContentTypeCloudEventsJson,
+		DataContentType: ContentTypeCloudEventsJson,
 		DataType:        DataTypeLegacyAuditEventV1,
 		Subject:         event.ProtoPayload.ResourceName,
 		Data:            legacyBytes,
@@ -128,8 +126,8 @@ func (a *DynamicLegacyAuditApi) ValidateAndSerialize(
 // Requires to have the topic name set as key "topic" in the context.
 func (a *DynamicLegacyAuditApi) Send(
 	ctx context.Context,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-	cloudEvent *pkgAuditCommon.CloudEvent,
+	cloudEvent *CloudEvent,
 ) error {
 
 	rawTopicName := ctx.Value(ContextKeyTopic)
@@ -140,20 +138,14 @@ func (a *DynamicLegacyAuditApi) Send(
 	if topicName == "" {
 		return ErrTopicNameEmpty
 	}
-	if !pkgAuditCommon.TopicNamePattern.MatchString(topicName) {
-		return fmt.Errorf("invalid topic name: %s - "+
-			"expected stackit-platform/t/swz/audit-log/{region}/{version}/{eventSource}/{additionalParts} "+
-			"where region is one of [conway, eu01, eu02, sx-stoi01], version is vX.Y, eventSource is the service name "+
-			"and additionalParts is a describing string the audit log relates to or 'events'", topicName)
-	}
 
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: topicName}
+	var topicNameResolver TopicNameResolver = &LegacyTopicNameResolver{topicName: topicName}
 
 	if cloudEvent != nil && cloudEvent.TraceParent != nil && cloudEvent.TraceState != nil {
-		ctx = internalAuditApi.AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
+		ctx = AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
 	}
 	ctx, span := a.tracer.Start(ctx, "send")
 	defer span.End()
 
-	return internalAuditApi.Send(topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
+	return send(topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
 }

audit/api/api_legacy_dynamic_test.go

@@ -4,22 +4,18 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"go.opentelemetry.io/otel"
 	"net/url"
 	"strings"
 	"testing"
 	"time"
 
-	"buf.build/go/protovalidate"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+
+	"github.com/bufbuild/protovalidate-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"go.opentelemetry.io/otel"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
-	pkgMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
-	pkgMessagingTest "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/test"
 )
 
 func TestDynamicLegacyAuditApi(t *testing.T) {
@@ -29,14 +25,14 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 	defer cancelFn()
 
 	// Start solace docker container
-	solaceContainer, err := pkgMessagingTest.NewSolaceContainer(context.Background())
+	solaceContainer, err := messaging.NewSolaceContainer(context.Background())
 	assert.NoError(t, err)
 	defer solaceContainer.Stop()
 
 	// Instantiate the messaging api
-	amqpApi, err := pkgMessagingApi.NewAmqpApi(
+	messagingApi, err := messaging.NewAmqpApi(
-		pkgMessagingCommon.AmqpConnectionPoolConfig{
+		messaging.AmqpConnectionPoolConfig{
-			Parameters: pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
+			Parameters: messaging.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
 			PoolSize:   1,
 		})
 	assert.NoError(t, err)
@@ -45,7 +41,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 	validator, err := protovalidate.New()
 	assert.NoError(t, err)
 
-	topicSubscriptionTopicPattern := "stackit-platform/t/swz/audit-log/>"
+	topicSubscriptionTopicPattern := "audit-log/>"
 
 	// Check that event-type data-access is rejected as it is currently
 	// not supported by downstream services
@@ -57,19 +53,19 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-rejected"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-rejected"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
-		event.LogName = strings.Replace(event.LogName, string(pkgAuditCommon.EventTypeAdminActivity), string(pkgAuditCommon.EventTypeDataAccess), 1)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -78,8 +74,8 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
-		), pkgAuditCommon.ErrUnsupportedEventTypeDataAccess)
+		), ErrUnsupportedEventTypeDataAccess)
 	})
 
 	// Check logging of organization events
@@ -91,18 +87,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -111,7 +107,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -128,18 +124,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -148,7 +144,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -166,18 +162,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/folder-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/folder-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -186,7 +182,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -203,18 +199,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/folder-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/folder-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -223,7 +219,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -241,18 +237,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -261,7 +257,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -278,18 +274,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -298,7 +294,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -315,18 +311,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-system-changed"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-system-changed"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event := internalAuditApi.NewProjectSystemAuditEvent(nil)
+		event := newProjectSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -336,7 +332,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 				ctxWithTopic,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -349,7 +345,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 		// Check deserialized message
-		var auditEvent internalAuditApi.LegacyAuditEvent
+		var auditEvent LegacyAuditEvent
 		assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 		assert.Equal(t, event.ProtoPayload.ResourceName, *auditEvent.ResourceName)
@@ -371,18 +367,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/system-changed"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/system-changed"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event := internalAuditApi.NewSystemAuditEvent(nil)
+		event := newSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -392,7 +388,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 				ctxWithTopic,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -405,7 +401,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 		// Check deserialized message
-		var auditEvent internalAuditApi.LegacyAuditEvent
+		var auditEvent LegacyAuditEvent
 		assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 		assert.Equal(t, event.ProtoPayload.OperationName, auditEvent.EventName)
@@ -426,18 +422,18 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewDynamicLegacyAuditApi(
-			amqpApi,
+			messagingApi,
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 		escapedQuery := url.QueryEscape("param=value")
 		event.ProtoPayload.RequestMetadata.RequestAttributes.Query = &escapedQuery
 
@@ -448,7 +444,7 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 			ctxWithTopic,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -469,15 +465,15 @@ func TestDynamicLegacyAuditApi_ValidateAndSerialize_ValidationFailed(t *testing.
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := DynamicLegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
@@ -486,22 +482,22 @@ func TestDynamicLegacyAuditApi_Log_ValidationFailed(t *testing.T) {
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := DynamicLegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
 func TestDynamicLegacyAuditApi_Log_NilEvent(t *testing.T) {
 	auditApi := DynamicLegacyAuditApi{tracer: otel.Tracer("test")}
-	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrEventNil)
+	assert.ErrorIs(t, err, ErrEventNil)
 }
 
 func TestDynamicLegacyAuditApi_ConvertAndSerializeIntoLegacyFormatInvalidObjectIdentifierType(t *testing.T) {
@@ -509,16 +505,16 @@ func TestDynamicLegacyAuditApi_ConvertAndSerializeIntoLegacyFormatInvalidObjectI
 		objectIdentifier *auditV1.ObjectIdentifier) {
 		objectIdentifier.Type = "invalid"
 	}
-	event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(&customization)
+	event, objectIdentifier := newProjectAuditEvent(&customization)
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(nil)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := DynamicLegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
-	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
+	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrUnsupportedRoutableType)
+	assert.ErrorIs(t, err, ErrUnsupportedRoutableType)
 }

audit/api/api_legacy_test.go

@@ -5,23 +5,19 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"go.opentelemetry.io/otel"
 	"net/url"
 	"strings"
 	"testing"
 	"time"
 
-	"buf.build/go/protovalidate"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+
 	"github.com/Azure/go-amqp"
+	"github.com/bufbuild/protovalidate-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"go.opentelemetry.io/otel"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
-	pkgMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
-	pkgMessagingTest "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/test"
 )
 
 func TestLegacyAuditApi(t *testing.T) {
@@ -31,13 +27,13 @@ func TestLegacyAuditApi(t *testing.T) {
 	defer cancelFn()
 
 	// Start solace docker container
-	solaceContainer, err := pkgMessagingTest.NewSolaceContainer(context.Background())
+	solaceContainer, err := messaging.NewSolaceContainer(context.Background())
 	assert.NoError(t, err)
 	defer solaceContainer.Stop()
 
 	// Instantiate the messaging api
-	amqpApi, err := pkgMessagingApi.NewAmqpApi(pkgMessagingCommon.AmqpConnectionPoolConfig{
+	messagingApi, err := messaging.NewAmqpApi(messaging.AmqpConnectionPoolConfig{
-		Parameters: pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
+		Parameters: messaging.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
 		PoolSize:   1,
 	})
 	assert.NoError(t, err)
@@ -46,7 +42,7 @@ func TestLegacyAuditApi(t *testing.T) {
 	validator, err := protovalidate.New()
 	assert.NoError(t, err)
 
-	topicSubscriptionTopicPattern := "stackit-platform/t/swz/audit-log/>"
+	topicSubscriptionTopicPattern := "audit-log/>"
 
 	// Check that event-type data-access is rejected as it is currently
 	// not supported by downstream services
@@ -58,28 +54,28 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-rejected"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-rejected"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
-		event.LogName = strings.Replace(event.LogName, string(pkgAuditCommon.EventTypeAdminActivity), string(pkgAuditCommon.EventTypeDataAccess), 1)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
 
 		// Log the event to solace
 		assert.ErrorIs(t, auditApi.Log(
 			ctx,
 			event,
 			auditV1.Visibility_VISIBILITY_PUBLIC,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
-		), pkgAuditCommon.ErrUnsupportedEventTypeDataAccess)
+		), ErrUnsupportedEventTypeDataAccess)
 	})
 
 	// Check logging of organization events
@@ -91,19 +87,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -111,7 +107,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -128,19 +124,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -148,7 +144,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -166,19 +162,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/folder-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/folder-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -186,7 +182,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -203,19 +199,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/folder-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/folder-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -223,7 +219,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -241,19 +237,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -261,7 +257,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -278,19 +274,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -298,7 +294,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -315,19 +311,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/project-system-changed"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/project-system-changed"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event := internalAuditApi.NewProjectSystemAuditEvent(nil)
+		event := newProjectSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -336,7 +332,7 @@ func TestLegacyAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -349,7 +345,7 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 		// Check deserialized message
-		var auditEvent internalAuditApi.LegacyAuditEvent
+		var auditEvent LegacyAuditEvent
 		assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 		assert.Equal(t, event.ProtoPayload.ResourceName, *auditEvent.ResourceName)
@@ -371,19 +367,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/system-changed"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/system-changed"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event := internalAuditApi.NewSystemAuditEvent(nil)
+		event := newSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -392,7 +388,7 @@ func TestLegacyAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -405,7 +401,7 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 		// Check deserialized message
-		var auditEvent internalAuditApi.LegacyAuditEvent
+		var auditEvent LegacyAuditEvent
 		assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 		assert.Equal(t, event.ProtoPayload.OperationName, auditEvent.EventName)
@@ -426,19 +422,19 @@ func TestLegacyAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
 
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/resource-manager/organization-created"
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-created"
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
 		// Instantiate audit api
 		auditApi, err := NewLegacyAuditApi(
-			amqpApi,
+			messagingApi,
-			StaticTopicNameConfig{TopicName: topicName},
+			LegacyTopicNameConfig{TopicName: topicName},
 			validator,
 		)
 		assert.NoError(t, err)
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 		escapedQuery := url.QueryEscape("param=value")
 		event.ProtoPayload.RequestMetadata.RequestAttributes.Query = &escapedQuery
 
@@ -448,7 +444,7 @@ func TestLegacyAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier),
+			NewRoutableIdentifier(objectIdentifier),
 		))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -471,7 +467,7 @@ func validateSentMessage(
 	assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 	// Check deserialized message
-	var auditEvent internalAuditApi.LegacyAuditEvent
+	var auditEvent LegacyAuditEvent
 	assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 	var severity string
@@ -517,13 +513,13 @@ func validateSentMessageWithDetails(
 
 	// Check topic name
 	assert.Equal(t, topicName, *message.Properties.To)
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsJson, message.ApplicationProperties["cloudEvents:datacontenttype"])
+	assert.Equal(t, ContentTypeCloudEventsJson, message.ApplicationProperties["cloudEvents:datacontenttype"])
 	assert.Equal(t, DataTypeLegacyAuditEventV1, message.ApplicationProperties["cloudEvents:type"])
 	assert.Equal(t, "", message.ApplicationProperties["cloudEvents:traceparent"])
 	assert.Equal(t, "", message.ApplicationProperties["cloudEvents:tracestate"])
 
 	// Check deserialized message
-	var auditEvent internalAuditApi.LegacyAuditEvent
+	var auditEvent LegacyAuditEvent
 	assert.NoError(t, json.Unmarshal(message.Data[0], &auditEvent))
 
 	assert.Equal(t, event.ProtoPayload.OperationName, auditEvent.EventName)
@@ -574,20 +570,20 @@ func validateSentMessageWithDetails(
 func TestLegacyAuditApi_NewLegacyAuditApi(t *testing.T) {
 
 	t.Run("messaging api nil", func(t *testing.T) {
-		auditApi, err := NewLegacyAuditApi(nil, StaticTopicNameConfig{}, nil)
+		auditApi, err := NewLegacyAuditApi(nil, LegacyTopicNameConfig{}, nil)
 		assert.Nil(t, auditApi)
 		assert.EqualError(t, err, "messaging api nil")
 	})
 
 	t.Run("topic name is blank", func(t *testing.T) {
 		// Start solace docker container
-		solaceContainer, err := pkgMessagingTest.NewSolaceContainer(context.Background())
+		solaceContainer, err := messaging.NewSolaceContainer(context.Background())
 		assert.NoError(t, err)
 		defer solaceContainer.Stop()
 
 		// Instantiate the messaging api
-		amqpApi, err := pkgMessagingApi.NewAmqpApi(pkgMessagingCommon.AmqpConnectionPoolConfig{
+		messagingApi, err := messaging.NewAmqpApi(messaging.AmqpConnectionPoolConfig{
-			Parameters: pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
+			Parameters: messaging.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
 			PoolSize:   1,
 		})
 		assert.NoError(t, err)
@@ -596,7 +592,7 @@ func TestLegacyAuditApi_NewLegacyAuditApi(t *testing.T) {
 		validator, err := protovalidate.New()
 		assert.NoError(t, err)
 
-		auditApi, err := NewLegacyAuditApi(amqpApi, StaticTopicNameConfig{
+		auditApi, err := NewLegacyAuditApi(messagingApi, LegacyTopicNameConfig{
 			TopicName: "",
 		}, validator)
 
@@ -610,15 +606,15 @@ func TestLegacyAuditApi_ValidateAndSerialize_ValidationFailed(t *testing.T) {
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := LegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
@@ -627,22 +623,22 @@ func TestLegacyAuditApi_Log_ValidationFailed(t *testing.T) {
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := LegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
 func TestLegacyAuditApi_Log_NilEvent(t *testing.T) {
 	auditApi := LegacyAuditApi{tracer: otel.Tracer("test")}
-	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrEventNil)
+	assert.ErrorIs(t, err, ErrEventNil)
 }
 
 func TestLegacyAuditApi_ConvertAndSerializeIntoLegacyFormatInvalidObjectIdentifierType(t *testing.T) {
@@ -650,16 +646,16 @@ func TestLegacyAuditApi_ConvertAndSerializeIntoLegacyFormatInvalidObjectIdentifi
 		objectIdentifier *auditV1.ObjectIdentifier) {
 		objectIdentifier.Type = "invalid"
 	}
-	event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(&customization)
+	event, objectIdentifier := newProjectAuditEvent(&customization)
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(nil)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := LegacyAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
-	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
+	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, NewRoutableIdentifier(objectIdentifier))
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrUnsupportedRoutableType)
+	assert.ErrorIs(t, err, ErrUnsupportedRoutableType)
 }

audit/api/api_mock.go

@@ -3,31 +3,30 @@ package api
 import (
 	"context"
 	"fmt"
-	"strings"
-
-	"buf.build/go/protovalidate"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
+	"strings"
+
 	"google.golang.org/protobuf/proto"
 
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
+
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"github.com/bufbuild/protovalidate-go"
 )
 
 // MockAuditApi is an implementation of AuditApi that does nothing and has no dependency to external systems.
 type MockAuditApi struct {
 	tracer    trace.Tracer
-	validator pkgAuditCommon.ProtobufValidator
+	validator ProtobufValidator
 }
 
-func NewMockAuditApi() (pkgAuditCommon.AuditApi, error) {
+func NewMockAuditApi() (AuditApi, error) {
 	validator, err := protovalidate.New()
 	if err != nil {
 		return nil, err
 	}
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
-	var auditApi pkgAuditCommon.AuditApi = &MockAuditApi{
+	var auditApi AuditApi = &MockAuditApi{
 		tracer:    otel.Tracer("mock-audit-api"),
 		validator: protobufValidator,
 	}
@@ -40,7 +39,7 @@ func (a *MockAuditApi) Log(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) error {
 
 	_, err := a.ValidateAndSerialize(ctx, event, visibility, routableIdentifier)
@@ -52,21 +51,21 @@ func (a *MockAuditApi) ValidateAndSerialize(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-) (*pkgAuditCommon.CloudEvent, error) {
+) (*CloudEvent, error) {
 
 	ctx, span := a.tracer.Start(ctx, "validate-and-serialize")
 	defer span.End()
 
-	routableEvent, err := internalApi.ValidateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
+	routableEvent, err := validateAndSerializePartially(a.validator, event, visibility, routableIdentifier)
 	if err != nil {
 		return nil, err
 	}
 
 	// Reject event type data-access as the downstream services
 	// cannot handle it at the moment
-	if strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeDataAccess)) {
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
-		return nil, pkgAuditCommon.ErrUnsupportedEventTypeDataAccess
+		return nil, ErrUnsupportedEventTypeDataAccess
 	}
 
 	routableEventBytes, err := proto.Marshal(routableEvent)
@@ -74,9 +73,9 @@ func (a *MockAuditApi) ValidateAndSerialize(
 		return nil, err
 	}
 
-	traceParent, traceState := internalApi.TraceParentAndStateFromContext(ctx)
+	traceParent, traceState := TraceParentAndStateFromContext(ctx)
 
-	message := pkgAuditCommon.CloudEvent{
+	message := CloudEvent{
 		SpecVersion:     "1.0",
 		Source:          event.ProtoPayload.ServiceName,
 		Id:              event.InsertId,
@@ -93,6 +92,6 @@ func (a *MockAuditApi) ValidateAndSerialize(
 }
 
 // Send implements AuditApi.Send
-func (a *MockAuditApi) Send(context.Context, *pkgAuditCommon.RoutableIdentifier, *pkgAuditCommon.CloudEvent) error {
+func (a *MockAuditApi) Send(context.Context, *RoutableIdentifier, *CloudEvent) error {
 	return nil
 }

audit/api/api_mock_test.go

@@ -5,38 +5,19 @@ import (
 	"strings"
 	"testing"
 
-	"buf.build/go/protovalidate"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-	"google.golang.org/protobuf/proto"
-
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
+
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"github.com/stretchr/testify/assert"
 )
 
-type ProtobufValidatorMock struct {
-	mock.Mock
-}
-
-func (m *ProtobufValidatorMock) Validate(msg proto.Message, options ...protovalidate.ValidationOption) error {
-	var args mock.Arguments
-	if len(options) > 0 {
-		args = m.Called(msg, options)
-	} else {
-		args = m.Called(msg)
-	}
-	return args.Error(0)
-}
-
 func TestMockAuditApi_Log(t *testing.T) {
 
 	auditApi, err := NewMockAuditApi()
 	assert.NoError(t, err)
 
 	// Instantiate test data
-	event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+	event, objectIdentifier := newOrganizationAuditEvent(nil)
-	routableObjectIdentifier := pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)
+	routableObjectIdentifier := NewRoutableIdentifier(objectIdentifier)
 
 	// Test
 	t.Run("Log", func(t *testing.T) {
@@ -45,13 +26,13 @@ func TestMockAuditApi_Log(t *testing.T) {
 	})
 
 	t.Run("reject data access event", func(t *testing.T) {
-		orgEvent, objIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		orgEvent, objIdentifier := newOrganizationAuditEvent(nil)
-		orgEvent.LogName = strings.Replace(orgEvent.LogName, string(pkgAuditCommon.EventTypeAdminActivity), string(pkgAuditCommon.EventTypeDataAccess), 1)
+		orgEvent.LogName = strings.Replace(orgEvent.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
-		rtIdentifier := pkgAuditCommon.NewRoutableIdentifier(objIdentifier)
+		rtIdentifier := NewRoutableIdentifier(objIdentifier)
 
 		assert.ErrorIs(t, auditApi.Log(
 			context.Background(), orgEvent, auditV1.Visibility_VISIBILITY_PUBLIC, rtIdentifier),
-			pkgAuditCommon.ErrUnsupportedEventTypeDataAccess)
+			ErrUnsupportedEventTypeDataAccess)
 	})
 
 	t.Run("ValidateAndSerialize", func(t *testing.T) {
@@ -69,11 +50,11 @@ func TestMockAuditApi_Log(t *testing.T) {
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
 		_, err := auditApi.ValidateAndSerialize(context.Background(), nil, visibility, routableObjectIdentifier)
 
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrEventNil)
+		assert.ErrorIs(t, err, ErrEventNil)
 	})
 
 	t.Run("Send", func(t *testing.T) {
-		var cloudEvent = pkgAuditCommon.CloudEvent{}
+		var cloudEvent = CloudEvent{}
 
 		assert.Nil(t, auditApi.Send(context.Background(), routableObjectIdentifier, &cloudEvent))
 	})

audit/api/api_routable.go

@@ -4,16 +4,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"strings"
-
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
+	"strings"
+
 	"google.golang.org/protobuf/proto"
 
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
 )
 
 // routableTopicNameResolver implements TopicNameResolver.
@@ -27,23 +25,23 @@ type routableTopicNameResolver struct {
 }
 
 // Resolve implements TopicNameResolver.Resolve.
-func (r *routableTopicNameResolver) Resolve(routableIdentifier *pkgAuditCommon.RoutableIdentifier) (string, error) {
+func (r *routableTopicNameResolver) Resolve(routableIdentifier *RoutableIdentifier) (string, error) {
 
 	if routableIdentifier == nil {
-		return "", pkgAuditCommon.ErrObjectIdentifierNil
+		return "", ErrObjectIdentifierNil
 	}
 
 	switch routableIdentifier.Type {
-	case pkgAuditCommon.ObjectTypeOrganization:
+	case ObjectTypeOrganization:
 		return fmt.Sprintf("topic://%s/%s", r.organizationTopicPrefix, routableIdentifier.Identifier), nil
-	case pkgAuditCommon.ObjectTypeProject:
+	case ObjectTypeProject:
 		return fmt.Sprintf("topic://%s/%s", r.projectTopicPrefix, routableIdentifier.Identifier), nil
-	case pkgAuditCommon.ObjectTypeFolder:
+	case ObjectTypeFolder:
 		return fmt.Sprintf("topic://%s/%s", r.folderTopicPrefix, routableIdentifier.Identifier), nil
-	case pkgAuditCommon.ObjectTypeSystem:
+	case ObjectTypeSystem:
 		return r.systemTopicName, nil
 	default:
-		return "", pkgAuditCommon.ErrUnsupportedObjectIdentifierType
+		return "", ErrUnsupportedObjectIdentifierType
 	}
 }
 
@@ -59,18 +57,18 @@ type topicNameConfig struct {
 // Warning: It is only there for local (compatibility) testing.
 // DO NOT USE IT!
 type routableAuditApi struct {
-	messagingApi      pkgMessagingApi.Api
+	messagingApi      messaging.Api
-	topicNameResolver pkgAuditCommon.TopicNameResolver
+	topicNameResolver TopicNameResolver
 	tracer            trace.Tracer
-	validator         pkgAuditCommon.ProtobufValidator
+	validator         ProtobufValidator
 }
 
 // NewRoutableAuditApi can be used to initialize the audit log api.
 func newRoutableAuditApi(
-	messagingApi pkgMessagingApi.Api,
+	messagingApi messaging.Api,
 	topicNameConfig topicNameConfig,
-	validator pkgAuditCommon.ProtobufValidator,
+	validator ProtobufValidator,
-) (pkgAuditCommon.AuditApi, error) {
+) (AuditApi, error) {
 
 	if messagingApi == nil {
 		return nil, errors.New("messaging api nil")
@@ -90,7 +88,7 @@ func newRoutableAuditApi(
 		return nil, errors.New("system topic name is required")
 	}
 
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &routableTopicNameResolver{
+	var topicNameResolver TopicNameResolver = &routableTopicNameResolver{
 		folderTopicPrefix:       topicNameConfig.FolderTopicPrefix,
 		organizationTopicPrefix: topicNameConfig.OrganizationTopicPrefix,
 		projectTopicPrefix:      topicNameConfig.ProjectTopicPrefix,
@@ -98,7 +96,7 @@ func newRoutableAuditApi(
 	}
 
 	// Audit api
-	var auditApi pkgAuditCommon.AuditApi = &routableAuditApi{
+	var auditApi AuditApi = &routableAuditApi{
 		messagingApi:      messagingApi,
 		topicNameResolver: topicNameResolver,
 		tracer:            otel.Tracer("routable-audit-api"),
@@ -113,7 +111,7 @@ func (a *routableAuditApi) Log(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
 ) error {
 
 	cloudEvent, err := a.ValidateAndSerialize(ctx, event, visibility, routableIdentifier)
@@ -129,13 +127,13 @@ func (a *routableAuditApi) ValidateAndSerialize(
 	ctx context.Context,
 	event *auditV1.AuditLogEntry,
 	visibility auditV1.Visibility,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-) (*pkgAuditCommon.CloudEvent, error) {
+) (*CloudEvent, error) {
 
 	ctx, span := a.tracer.Start(ctx, "validate-and-serialize")
 	defer span.End()
 
-	routableEvent, err := internalAuditApi.ValidateAndSerializePartially(
+	routableEvent, err := validateAndSerializePartially(
 		a.validator,
 		event,
 		visibility,
@@ -147,8 +145,8 @@ func (a *routableAuditApi) ValidateAndSerialize(
 
 	// Reject event type data-access as the downstream services
 	// cannot handle it at the moment
-	if strings.HasSuffix(event.LogName, string(pkgAuditCommon.EventTypeDataAccess)) {
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
-		return nil, pkgAuditCommon.ErrUnsupportedEventTypeDataAccess
+		return nil, ErrUnsupportedEventTypeDataAccess
 	}
 
 	routableEventBytes, err := proto.Marshal(routableEvent)
@@ -156,14 +154,14 @@ func (a *routableAuditApi) ValidateAndSerialize(
 		return nil, err
 	}
 
-	traceParent, traceState := internalAuditApi.TraceParentAndStateFromContext(ctx)
+	traceParent, traceState := TraceParentAndStateFromContext(ctx)
 
-	message := pkgAuditCommon.CloudEvent{
+	message := CloudEvent{
 		SpecVersion:     "1.0",
 		Source:          event.ProtoPayload.ServiceName,
 		Id:              event.InsertId,
 		Time:            event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(),
-		DataContentType: pkgAuditCommon.ContentTypeCloudEventsProtobuf,
+		DataContentType: ContentTypeCloudEventsProtobuf,
 		DataType:        fmt.Sprintf("%v", routableEvent.ProtoReflect().Descriptor().FullName()),
 		Subject:         event.ProtoPayload.ResourceName,
 		Data:            routableEventBytes,
@@ -177,15 +175,15 @@ func (a *routableAuditApi) ValidateAndSerialize(
 // Send implements AuditApi.Send
 func (a *routableAuditApi) Send(
 	ctx context.Context,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier,
+	routableIdentifier *RoutableIdentifier,
-	cloudEvent *pkgAuditCommon.CloudEvent,
+	cloudEvent *CloudEvent,
 ) error {
 
 	if cloudEvent != nil && cloudEvent.TraceParent != nil && cloudEvent.TraceState != nil {
-		ctx = internalAuditApi.AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
+		ctx = AddTraceParentAndStateToContext(ctx, *cloudEvent.TraceParent, *cloudEvent.TraceState)
 	}
 	ctx, span := a.tracer.Start(ctx, "send")
 	defer span.End()
 
-	return internalAuditApi.Send(a.topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
+	return send(a.topicNameResolver, a.messagingApi, ctx, routableIdentifier, cloudEvent)
 }

audit/api/api_routable_test.go

@@ -4,24 +4,21 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"go.opentelemetry.io/otel"
 	"strings"
 	"testing"
 	"time"
 
-	"buf.build/go/protovalidate"
-	"github.com/Azure/go-amqp"
 	"github.com/google/uuid"
+
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/messaging"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+
+	"github.com/Azure/go-amqp"
+	"github.com/bufbuild/protovalidate-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"go.opentelemetry.io/otel"
 	"google.golang.org/protobuf/proto"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
-	pgkMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
-	pkgMessagingTest "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/test"
 )
 
 func TestRoutableAuditApi(t *testing.T) {
@@ -31,13 +28,13 @@ func TestRoutableAuditApi(t *testing.T) {
 	defer cancelFn()
 
 	// Start solace docker container
-	solaceContainer, err := pkgMessagingTest.NewSolaceContainer(context.Background())
+	solaceContainer, err := messaging.NewSolaceContainer(context.Background())
 	assert.NoError(t, err)
 	defer solaceContainer.Stop()
 
 	// Instantiate the messaging api
-	amqpApi, err := pkgMessagingApi.NewAmqpApi(pgkMessagingCommon.AmqpConnectionPoolConfig{
+	messagingApi, err := messaging.NewAmqpApi(messaging.AmqpConnectionPoolConfig{
-		Parameters: pgkMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
+		Parameters: messaging.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
 		PoolSize:   1,
 	})
 	assert.NoError(t, err)
@@ -53,7 +50,7 @@ func TestRoutableAuditApi(t *testing.T) {
 	systemTopicName := "topic://system/admin-events"
 
 	auditApi, err := newRoutableAuditApi(
-		amqpApi,
+		messagingApi,
 		topicNameConfig{
 			FolderTopicPrefix:       folderTopicPrefix,
 			OrganizationTopicPrefix: organizationTopicPrefix,
@@ -74,8 +71,8 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "org/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
-		event.LogName = strings.Replace(event.LogName, string(pkgAuditCommon.EventTypeAdminActivity), string(pkgAuditCommon.EventTypeDataAccess), 1)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -83,7 +80,7 @@ func TestRoutableAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)), pkgAuditCommon.ErrUnsupportedEventTypeDataAccess)
+			NewRoutableIdentifier(objectIdentifier)), ErrUnsupportedEventTypeDataAccess)
 	})
 
 	// Check logging of organization events
@@ -96,7 +93,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "org/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -104,7 +101,7 @@ func TestRoutableAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+			NewRoutableIdentifier(objectIdentifier)))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
 		assert.NoError(t, err)
@@ -127,7 +124,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "org/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 		topicName := fmt.Sprintf("org/%s", objectIdentifier.Identifier)
 		assert.NoError(
 			t,
@@ -140,7 +137,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+				NewRoutableIdentifier(objectIdentifier)))
 
 		// Receive the event from solace
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -166,7 +163,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "folder/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -174,7 +171,7 @@ func TestRoutableAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+			NewRoutableIdentifier(objectIdentifier)))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
 		assert.NoError(t, err)
@@ -197,7 +194,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "folder/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewFolderAuditEvent(nil)
+		event, objectIdentifier := newFolderAuditEvent(nil)
 		topicName := fmt.Sprintf("folder/%s", objectIdentifier.Identifier)
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicName))
 
@@ -208,7 +205,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+				NewRoutableIdentifier(objectIdentifier)))
 
 		// Receive the event from solace
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -233,7 +230,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "project/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -242,7 +239,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+				NewRoutableIdentifier(objectIdentifier)))
 
 		// Receive the event from solace
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -266,7 +263,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "project/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewProjectAuditEvent(nil)
+		event, objectIdentifier := newProjectAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -275,7 +272,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+				NewRoutableIdentifier(objectIdentifier)))
 
 		// Receive the event from solace
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
@@ -300,7 +297,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "system/*"))
 
 		// Instantiate test data
-		event := internalAuditApi.NewProjectSystemAuditEvent(nil)
+		event := newProjectSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -309,7 +306,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -335,7 +332,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		validateRoutableEventPayload(
 			t,
 			message.Data[0],
-			pkgAuditCommon.RoutableSystemIdentifier.ToObjectIdentifier(),
+			RoutableSystemIdentifier.ToObjectIdentifier(),
 			event,
 			"stackit.resourcemanager.v2.system.changed",
 			visibility)
@@ -350,7 +347,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "system/*"))
 
 		// Instantiate test data
-		event := internalAuditApi.NewSystemAuditEvent(nil)
+		event := newSystemAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PRIVATE
@@ -359,7 +356,7 @@ func TestRoutableAuditApi(t *testing.T) {
 				ctx,
 				event,
 				visibility,
-				pkgAuditCommon.RoutableSystemIdentifier,
+				RoutableSystemIdentifier,
 			))
 
 		// Receive the event from solace
@@ -385,7 +382,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		validateRoutableEventPayload(
 			t,
 			message.Data[0],
-			pkgAuditCommon.SystemIdentifier,
+			SystemIdentifier,
 			event,
 			"stackit.resourcemanager.v2.system.changed",
 			visibility)
@@ -401,7 +398,7 @@ func TestRoutableAuditApi(t *testing.T) {
 		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "org/*"))
 
 		// Instantiate test data
-		event, objectIdentifier := internalAuditApi.NewOrganizationAuditEvent(nil)
+		event, objectIdentifier := newOrganizationAuditEvent(nil)
 
 		// Log the event to solace
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
@@ -409,7 +406,7 @@ func TestRoutableAuditApi(t *testing.T) {
 			ctx,
 			event,
 			visibility,
-			pkgAuditCommon.NewRoutableIdentifier(objectIdentifier)))
+			NewRoutableIdentifier(objectIdentifier)))
 
 		message, err := solaceContainer.NextMessageFromQueue(ctx, queueName, true)
 		assert.NoError(t, err)
@@ -447,7 +444,7 @@ func validateSentEvent(
 	_, isUuid := uuid.Parse(fmt.Sprintf("%s", applicationProperties["cloudEvents:id"]))
 	assert.True(t, true, isUuid)
 	assert.Equal(t, event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime().UnixMilli(), applicationProperties["cloudEvents:time"])
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
+	assert.Equal(t, ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
 	assert.Equal(t, "audit.v1.RoutableAuditEvent", applicationProperties["cloudEvents:type"])
 	assert.Equal(t, "", applicationProperties["cloudEvents:traceparent"])
 	assert.Equal(t, "", applicationProperties["cloudEvents:tracestate"])
@@ -489,8 +486,8 @@ func validateRoutableEventPayload(
 
 func TestRoutableTopicNameResolver_Resolve_UnsupportedIdentifierType(t *testing.T) {
 	resolver := routableTopicNameResolver{}
-	_, err := resolver.Resolve(pkgAuditCommon.NewRoutableIdentifier(&auditV1.ObjectIdentifier{Type: "unsupported"}))
+	_, err := resolver.Resolve(NewRoutableIdentifier(&auditV1.ObjectIdentifier{Type: "unsupported"}))
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrUnsupportedObjectIdentifierType)
+	assert.ErrorIs(t, err, ErrUnsupportedObjectIdentifierType)
 }
 
 func TestNewRoutableAuditApi_NewRoutableAuditApi_MessagingApiNil(t *testing.T) {
@@ -504,15 +501,15 @@ func TestRoutableAuditApi_ValidateAndSerialize_ValidationFailed(t *testing.T) {
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := routableAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	_, err := auditApi.ValidateAndSerialize(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
@@ -521,20 +518,20 @@ func TestRoutableAuditApi_Log_ValidationFailed(t *testing.T) {
 
 	validator := &ProtobufValidatorMock{}
 	validator.On("Validate", mock.Anything).Return(expectedError)
-	var protobufValidator pkgAuditCommon.ProtobufValidator = validator
+	var protobufValidator ProtobufValidator = validator
 
 	auditApi := routableAuditApi{
 		tracer:    otel.Tracer("test"),
 		validator: protobufValidator,
 	}
 
-	event := internalAuditApi.NewSystemAuditEvent(nil)
+	event := newSystemAuditEvent(nil)
-	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
 	assert.ErrorIs(t, err, expectedError)
 }
 
 func TestRoutableAuditApi_Log_NilEvent(t *testing.T) {
 	auditApi := routableAuditApi{tracer: otel.Tracer("test")}
-	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
+	err := auditApi.Log(context.Background(), nil, auditV1.Visibility_VISIBILITY_PUBLIC, RoutableSystemIdentifier)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrEventNil)
+	assert.ErrorIs(t, err, ErrEventNil)
 }

audit/api/base64.go

@@ -5,8 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"strings"
-
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
 )
 
 const base64AuditEventV1 = "v1"
@@ -16,16 +14,16 @@ var ErrRoutableIdentifierNil = errors.New("routableIdentifier must not be nil")
 var ErrUnsupportedBase64StringVersion = errors.New("unsupported base64 cloud event string version")
 
 type serializableEvent struct {
-	CloudEvent         pkgAuditCommon.CloudEvent         `json:"cloudEvent"`
+	CloudEvent         CloudEvent         `json:"cloudEvent"`
-	RoutableIdentifier pkgAuditCommon.RoutableIdentifier `json:"routableIdentifier"`
+	RoutableIdentifier RoutableIdentifier `json:"routableIdentifier"`
 }
 
 func ToBase64(
-	cloudEvent *pkgAuditCommon.CloudEvent,
+	cloudEvent *CloudEvent,
-	routableIdentifier *pkgAuditCommon.RoutableIdentifier) (*string, error) {
+	routableIdentifier *RoutableIdentifier) (*string, error) {
 
 	if cloudEvent == nil {
-		return nil, pkgAuditCommon.ErrCloudEventNil
+		return nil, ErrCloudEventNil
 	}
 
 	if routableIdentifier == nil {
@@ -47,7 +45,7 @@ func ToBase64(
 	return &base64Str, nil
 }
 
-func FromBase64(base64Str string) (*pkgAuditCommon.CloudEvent, *pkgAuditCommon.RoutableIdentifier, error) {
+func FromBase64(base64Str string) (*CloudEvent, *RoutableIdentifier, error) {
 	if base64Str == "" {
 		return nil, nil, ErrBase64StringEmpty
 	}

audit/api/base64_test.go

@@ -2,27 +2,24 @@ package api
 
 import (
 	"encoding/base64"
-	"testing"
-
 	"github.com/stretchr/testify/assert"
-
+	"testing"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
 )
 
 func Test_ToBase64(t *testing.T) {
 
 	t.Run("cloud event nil", func(t *testing.T) {
-		var cloudEvent *pkgAuditCommon.CloudEvent = nil
+		var cloudEvent *CloudEvent = nil
-		routableIdentifier := pkgAuditCommon.RoutableSystemIdentifier
+		routableIdentifier := RoutableSystemIdentifier
 
 		base64str, err := ToBase64(cloudEvent, routableIdentifier)
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrCloudEventNil)
+		assert.ErrorIs(t, err, ErrCloudEventNil)
 		assert.Nil(t, base64str)
 	})
 
 	t.Run("routable identifier nil", func(t *testing.T) {
-		cloudEvent := &pkgAuditCommon.CloudEvent{}
+		cloudEvent := &CloudEvent{}
-		var routableIdentifier *pkgAuditCommon.RoutableIdentifier = nil
+		var routableIdentifier *RoutableIdentifier = nil
 
 		base64str, err := ToBase64(cloudEvent, routableIdentifier)
 		assert.ErrorIs(t, err, ErrRoutableIdentifierNil)
@@ -30,8 +27,8 @@ func Test_ToBase64(t *testing.T) {
 	})
 
 	t.Run("encoded event", func(t *testing.T) {
-		e := &pkgAuditCommon.CloudEvent{}
+		e := &CloudEvent{}
-		r := pkgAuditCommon.RoutableSystemIdentifier
+		r := RoutableSystemIdentifier
 		base64str, err := ToBase64(e, r)
 		assert.NoError(t, err)
 
@@ -75,8 +72,8 @@ func Test_FromBase64(t *testing.T) {
 	})
 
 	t.Run("decoded event", func(t *testing.T) {
-		e := &pkgAuditCommon.CloudEvent{}
+		e := &CloudEvent{}
-		r := pkgAuditCommon.RoutableSystemIdentifier
+		r := RoutableSystemIdentifier
 		base64str, err := ToBase64(e, r)
 		assert.NoError(t, err)
 

audit/api/builder.go

@@ -2,18 +2,14 @@ package api
 
 import (
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/utils"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
 	"errors"
 	"fmt"
-	"time"
-
 	"github.com/google/uuid"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
-
+	"time"
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgAuditUtils "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/utils"
 )
 
 const quadZero = "0.0.0.0"
@@ -26,7 +22,7 @@ type AuditParameters struct {
 	Details map[string]interface{}
 
 	// The type of the event
-	EventType pkgAuditCommon.EventType
+	EventType EventType
 
 	// A set of user-defined (key, value) data that provides additional
 	// information about the log entry.
@@ -36,7 +32,7 @@ type AuditParameters struct {
 	ObjectId string
 
 	// Type of the object, the audit event refers to
-	ObjectType pkgAuditCommon.ObjectType
+	ObjectType ObjectType
 
 	ResponseBody any
 
@@ -46,14 +42,14 @@ type AuditParameters struct {
 
 func getObjectIdAndTypeFromAuditParams(
 	auditParams *AuditParameters,
-) (string, *pkgAuditCommon.ObjectType, error) {
+) (string, *ObjectType, error) {
 
 	objectId := auditParams.ObjectId
 	if objectId == "" {
 		return "", nil, errors.New("object id missing")
 	}
 
-	var objectType *pkgAuditCommon.ObjectType
+	var objectType *ObjectType
 	if auditParams.ObjectType != "" {
 		objectType = &auditParams.ObjectType
 	}
@@ -70,9 +66,9 @@ func getObjectIdAndTypeFromAuditParams(
 // AuditLogEntryBuilder collects audit params to construct auditV1.AuditLogEntry
 type AuditLogEntryBuilder struct {
 	auditParams   AuditParameters
-	auditRequest  internalAuditApi.AuditRequest
+	auditRequest  AuditRequest
-	auditResponse internalAuditApi.AuditResponse
+	auditResponse AuditResponse
-	auditMetadata internalAuditApi.AuditMetadata
+	auditMetadata AuditMetadata
 
 	// Region and optional zone id. If both, separated with a - (dash).
 	// Example: eu01
@@ -92,23 +88,23 @@ func NewAuditLogEntryBuilder() *AuditLogEntryBuilder {
 
 	return &AuditLogEntryBuilder{
 		auditParams: AuditParameters{
-			EventType: pkgAuditCommon.EventTypeAdminActivity,
+			EventType: EventTypeAdminActivity,
 		},
-		auditRequest: internalAuditApi.AuditRequest{
+		auditRequest: AuditRequest{
-			Request:              &pkgAuditCommon.ApiRequest{},
+			Request:              &ApiRequest{},
 			RequestClientIP:      quadZero,
 			RequestCorrelationId: nil,
 			RequestId:            nil,
 			RequestTime:          &requestTime,
 		},
-		auditResponse: internalAuditApi.AuditResponse{
+		auditResponse: AuditResponse{
 			ResponseBodyBytes:  nil,
 			ResponseStatusCode: 200,
 			ResponseHeaders:    make(map[string][]string),
 			ResponseNumItems:   nil,
 			ResponseTime:       nil,
 		},
-		auditMetadata: internalAuditApi.AuditMetadata{
+		auditMetadata: AuditMetadata{
 			AuditInsertId:          "",
 			AuditLabels:            nil,
 			AuditLogName:           "",
@@ -128,7 +124,7 @@ func NewAuditLogEntryBuilder() *AuditLogEntryBuilder {
 
 func (builder *AuditLogEntryBuilder) AsSystemEvent() *AuditLogEntryBuilder {
 	if builder.auditRequest.Request == nil {
-		builder.auditRequest.Request = &pkgAuditCommon.ApiRequest{}
+		builder.auditRequest.Request = &ApiRequest{}
 	}
 	if builder.auditRequest.Request.Header == nil {
 		builder.auditRequest.Request.Header = map[string][]string{"user-agent": {"none"}}
@@ -151,25 +147,16 @@ func (builder *AuditLogEntryBuilder) AsSystemEvent() *AuditLogEntryBuilder {
 	if builder.auditRequest.RequestClientIP == "" {
 		builder.auditRequest.RequestClientIP = quadZero
 	}
-	builder.WithEventType(pkgAuditCommon.EventTypeSystemEvent)
+	builder.WithEventType(EventTypeSystemEvent)
 	return builder
 }
 
 // WithRequiredApiRequest adds api request details
-func (builder *AuditLogEntryBuilder) WithRequiredApiRequest(request pkgAuditCommon.ApiRequest) *AuditLogEntryBuilder {
+func (builder *AuditLogEntryBuilder) WithRequiredApiRequest(request ApiRequest) *AuditLogEntryBuilder {
 	builder.auditRequest.Request = &request
 	return builder
 }
 
-// GetApiRequest returns the api request details
-func (builder *AuditLogEntryBuilder) GetApiRequest() *pkgAuditCommon.ApiRequest {
-	return builder.auditRequest.Request
-}
-
-func (builder *AuditLogEntryBuilder) GetApiRequestBody() *pkgAuditCommon.ApiRequest {
-	return builder.auditRequest.Request
-}
-
 // WithRequiredLocation adds the region and optional zone id. If both, separated with a - (dash).
 // Example: eu01
 func (builder *AuditLogEntryBuilder) WithRequiredLocation(location string) *AuditLogEntryBuilder {
@@ -222,7 +209,7 @@ func (builder *AuditLogEntryBuilder) WithRequiredObjectId(objectId string) *Audi
 
 // WithRequiredObjectType adds the object type.
 // May be prefilled by audit middleware (if the type can be extracted from the url path).
-func (builder *AuditLogEntryBuilder) WithRequiredObjectType(objectType pkgAuditCommon.ObjectType) *AuditLogEntryBuilder {
+func (builder *AuditLogEntryBuilder) WithRequiredObjectType(objectType ObjectType) *AuditLogEntryBuilder {
 	builder.auditParams.ObjectType = objectType
 	return builder
 }
@@ -279,7 +266,7 @@ func (builder *AuditLogEntryBuilder) WithNumResponseItems(numResponseItems int64
 }
 
 // WithEventType overwrites the default event type EventTypeAdminActivity
-func (builder *AuditLogEntryBuilder) WithEventType(eventType pkgAuditCommon.EventType) *AuditLogEntryBuilder {
+func (builder *AuditLogEntryBuilder) WithEventType(eventType EventType) *AuditLogEntryBuilder {
 	builder.auditParams.EventType = eventType
 	return builder
 }
@@ -359,16 +346,16 @@ func (builder *AuditLogEntryBuilder) Build(ctx context.Context, sequenceNumber S
 
 	resourceName := fmt.Sprintf("%s/%s", objectType.Plural(), objectId)
 	var logIdentifier string
-	var logType pkgAuditCommon.ObjectType
+	var logType ObjectType
-	if builder.auditParams.EventType == pkgAuditCommon.EventTypeSystemEvent {
+	if builder.auditParams.EventType == EventTypeSystemEvent {
-		logIdentifier = pkgAuditCommon.SystemIdentifier.Identifier
+		logIdentifier = SystemIdentifier.Identifier
-		logType = pkgAuditCommon.ObjectTypeSystem
+		logType = ObjectTypeSystem
 	} else {
 		logIdentifier = objectId
 		logType = *objectType
 	}
 
-	builder.auditMetadata.AuditInsertId = internalAuditApi.NewInsertId(time.Now().UTC(), builder.location, builder.workerId, uint64(sequenceNumber))
+	builder.auditMetadata.AuditInsertId = NewInsertId(time.Now().UTC(), builder.location, builder.workerId, uint64(sequenceNumber))
 	builder.auditMetadata.AuditLogName = fmt.Sprintf("%s/%s/logs/%s", logType.Plural(), logIdentifier, builder.auditParams.EventType)
 	builder.auditMetadata.AuditResourceName = resourceName
 
@@ -378,7 +365,7 @@ func (builder *AuditLogEntryBuilder) Build(ctx context.Context, sequenceNumber S
 	}
 
 	// Instantiate the audit event
-	return internalAuditApi.NewAuditLogEntry(
+	return NewAuditLogEntry(
 		builder.auditRequest,
 		builder.auditResponse,
 		details,
@@ -391,7 +378,7 @@ func (builder *AuditLogEntryBuilder) Build(ctx context.Context, sequenceNumber S
 type AuditEventBuilder struct {
 
 	// The audit api used to validate, serialize and send events
-	api pkgAuditCommon.AuditApi
+	api AuditApi
 
 	// The audit log entry builder which is used to build the actual protobuf message
 	auditLogEntryBuilder *AuditLogEntryBuilder
@@ -400,7 +387,7 @@ type AuditEventBuilder struct {
 	built bool
 
 	// Sequence number generator providing sequential increasing numbers for the insert IDs
-	sequenceNumberGenerator pkgAuditUtils.SequenceNumberGenerator
+	sequenceNumberGenerator utils.SequenceNumberGenerator
 
 	// Opentelemetry tracer
 	tracer trace.Tracer
@@ -413,10 +400,10 @@ type AuditEventBuilder struct {
 // validates input and returns a cloud event that can be sent to the audit log system.
 func NewAuditEventBuilder(
 	// The audit api used to validate, serialize and send events
-	api pkgAuditCommon.AuditApi,
+	api AuditApi,
 
 	// The sequence number generator can be used to get and revert sequence numbers to build audit log events
-	sequenceNumberGenerator pkgAuditUtils.SequenceNumberGenerator,
+	sequenceNumberGenerator utils.SequenceNumberGenerator,
 
 	// The service name in lowercase (allowed characters are [a-z-]).
 	serviceName string,
@@ -463,16 +450,11 @@ func (builder *AuditEventBuilder) WithAuditLogEntryBuilder(auditLogEntryBuilder
 }
 
 // WithRequiredApiRequest adds api request details
-func (builder *AuditEventBuilder) WithRequiredApiRequest(request pkgAuditCommon.ApiRequest) *AuditEventBuilder {
+func (builder *AuditEventBuilder) WithRequiredApiRequest(request ApiRequest) *AuditEventBuilder {
 	builder.auditLogEntryBuilder.WithRequiredApiRequest(request)
 	return builder
 }
 
-// GetApiRequest returns the api request details
-func (builder *AuditEventBuilder) GetApiRequest() *pkgAuditCommon.ApiRequest {
-	return builder.auditLogEntryBuilder.GetApiRequest()
-}
-
 // WithRequiredRequestClientIp adds the client ip
 func (builder *AuditEventBuilder) WithRequiredRequestClientIp(requestClientIp string) *AuditEventBuilder {
 	builder.auditLogEntryBuilder.WithRequiredRequestClientIp(requestClientIp)
@@ -506,7 +488,7 @@ func (builder *AuditEventBuilder) WithRequiredObjectId(objectId string) *AuditEv
 
 // WithRequiredObjectType adds the object type.
 // May be prefilled by audit middleware (if the type can be extracted from the url path).
-func (builder *AuditEventBuilder) WithRequiredObjectType(objectType pkgAuditCommon.ObjectType) *AuditEventBuilder {
+func (builder *AuditEventBuilder) WithRequiredObjectType(objectType ObjectType) *AuditEventBuilder {
 	builder.auditLogEntryBuilder.WithRequiredObjectType(objectType)
 	return builder
 }
@@ -563,7 +545,7 @@ func (builder *AuditEventBuilder) WithNumResponseItems(numResponseItems int64) *
 }
 
 // WithEventType overwrites the default event type EventTypeAdminActivity
-func (builder *AuditEventBuilder) WithEventType(eventType pkgAuditCommon.EventType) *AuditEventBuilder {
+func (builder *AuditEventBuilder) WithEventType(eventType EventType) *AuditEventBuilder {
 	builder.auditLogEntryBuilder.WithEventType(eventType)
 	return builder
 }
@@ -639,7 +621,7 @@ func (builder *AuditEventBuilder) MarkAsBuilt() {
 //   - The RoutableIdentifier required for routing the cloud event
 //   - The operation name
 //   - Error if the event cannot be built
-func (builder *AuditEventBuilder) Build(ctx context.Context, sequenceNumber SequenceNumber) (*pkgAuditCommon.CloudEvent, *pkgAuditCommon.RoutableIdentifier, error) {
+func (builder *AuditEventBuilder) Build(ctx context.Context, sequenceNumber SequenceNumber) (*CloudEvent, *RoutableIdentifier, error) {
 	if builder.auditLogEntryBuilder == nil {
 		return nil, nil, fmt.Errorf("audit log entry builder not set")
 	}
@@ -650,19 +632,19 @@ func (builder *AuditEventBuilder) Build(ctx context.Context, sequenceNumber Sequ
 	visibility := builder.visibility
 	objectId := builder.auditLogEntryBuilder.auditParams.ObjectId
 	objectType := builder.auditLogEntryBuilder.auditParams.ObjectType
-	var routingIdentifier *pkgAuditCommon.RoutableIdentifier
+	var routingIdentifier *RoutableIdentifier
-	if builder.auditLogEntryBuilder.auditParams.EventType == pkgAuditCommon.EventTypeSystemEvent {
+	if builder.auditLogEntryBuilder.auditParams.EventType == EventTypeSystemEvent {
-		routingIdentifier = internalAuditApi.NewAuditRoutingIdentifier(uuid.Nil.String(), pkgAuditCommon.ObjectTypeSystem)
+		routingIdentifier = NewAuditRoutingIdentifier(uuid.Nil.String(), ObjectTypeSystem)
 		if objectId == "" {
 			objectId = uuid.Nil.String()
 			builder.WithRequiredObjectId(objectId)
 		}
 		if objectType == "" {
-			objectType = pkgAuditCommon.ObjectTypeSystem
+			objectType = ObjectTypeSystem
 			builder.WithRequiredObjectType(objectType)
 		}
 	} else {
-		routingIdentifier = internalAuditApi.NewAuditRoutingIdentifier(objectId, objectType)
+		routingIdentifier = NewAuditRoutingIdentifier(objectId, objectType)
 	}
 
 	auditLogEntry, err := builder.auditLogEntryBuilder.Build(ctx, sequenceNumber)

audit/api/builder_test.go

@@ -2,21 +2,17 @@ package api
 
 import (
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/utils"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
 	"fmt"
-	"testing"
+	"github.com/bufbuild/protovalidate-go"
-	"time"
-
-	"buf.build/go/protovalidate"
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
-
+	"testing"
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+	"time"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgAuditUtils "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/utils"
 )
 
 func Test_getObjectIdAndTypeFromAuditParams(t *testing.T) {
@@ -44,7 +40,7 @@ func Test_getObjectIdAndTypeFromAuditParams(t *testing.T) {
 			objectId, objectType, err := getObjectIdAndTypeFromAuditParams(
 				&AuditParameters{
 					ObjectId:   "value",
-					ObjectType: pkgAuditCommon.ObjectTypeFromPluralString("invalid"),
+					ObjectType: ObjectTypeFromPluralString("invalid"),
 				},
 			)
 			assert.EqualError(t, err, "unknown object type")
@@ -58,12 +54,12 @@ func Test_getObjectIdAndTypeFromAuditParams(t *testing.T) {
 			objectId, objectType, err := getObjectIdAndTypeFromAuditParams(
 				&AuditParameters{
 					ObjectId:   "value",
-					ObjectType: pkgAuditCommon.ObjectTypeProject,
+					ObjectType: ObjectTypeProject,
 				},
 			)
 			assert.NoError(t, err)
 			assert.Equal(t, "value", objectId)
-			assert.Equal(t, pkgAuditCommon.ObjectTypeProject, *objectType)
+			assert.Equal(t, ObjectTypeProject, *objectType)
 		},
 	)
 }
@@ -80,7 +76,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 	t.Run("details missing", func(t *testing.T) {
 		logEntry, err := NewAuditLogEntryBuilder().WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			Build(context.Background(), SequenceNumber(1))
 
 		assert.NoError(t, err)
@@ -90,23 +86,23 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		assert.NoError(t, err)
 		err = validator.Validate(logEntry)
 		assert.Error(t, err)
-		assert.Equal(t, "validation errors:\n - proto_payload.service_name: value is required\n - proto_payload.operation_name: value is required\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required\n - proto_payload.request_metadata.request_attributes.method: value is required\n - proto_payload.request_metadata.request_attributes.headers: value is required\n - proto_payload.request_metadata.request_attributes.path: value is required\n - proto_payload.request_metadata.request_attributes.host: value is required\n - proto_payload.request_metadata.request_attributes.scheme: value is required\n - proto_payload.request_metadata.request_attributes.protocol: value is required\n - insert_id: value does not match regex pattern `^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$`", err.Error())
+		assert.Equal(t, "validation error:\n - proto_payload.service_name: value is required [required]\n - proto_payload.operation_name: value is required [required]\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required [required]\n - proto_payload.request_metadata.request_attributes.method: value is required [required]\n - proto_payload.request_metadata.request_attributes.headers: value is required [required]\n - proto_payload.request_metadata.request_attributes.path: value is required [required]\n - proto_payload.request_metadata.request_attributes.host: value is required [required]\n - proto_payload.request_metadata.request_attributes.scheme: value is required [required]\n - proto_payload.request_metadata.request_attributes.protocol: value is required [required]\n - insert_id: value does not match regex pattern `^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$` [string.pattern]", err.Error())
 	})
 
 	t.Run("required only", func(t *testing.T) {
 		builder := NewAuditLogEntryBuilder().
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
@@ -130,7 +126,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -199,16 +195,16 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		builder := NewAuditLogEntryBuilder().
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
@@ -219,7 +215,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 			WithAuditPermission(permission).
 			WithAuditPermissionCheckResult(permissionCheckResult).
 			WithDetails(details).
-			WithEventType(pkgAuditCommon.EventTypePolicyDenied).
+			WithEventType(EventTypePolicyDenied).
 			WithLabels(map[string]string{"key": "label"}).
 			WithNumResponseItems(int64(10)).
 			WithRequestCorrelationId("correlationId").
@@ -246,7 +242,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -310,105 +306,11 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		assert.NoError(t, err)
 	})
 
-	t.Run("with service account token", func(t *testing.T) {
-		builder := NewAuditLogEntryBuilder().
-			WithRequiredLocation("eu01").
-			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
-			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
-				Body:   nil,
-				Header: internalAuditApi.TestHeadersSa,
-				Host:   "localhost",
-				Method: "POST",
-				Scheme: "https",
-				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
-					Path:     "/",
-					RawQuery: nil,
-				},
-			}).
-			WithRequiredRequestClientIp("127.0.0.1").
-			WithRequiredServiceName("demo-service").
-			WithRequiredWorkerId("worker-id")
-
-		logEntry, err := builder.Build(context.Background(), SequenceNumber(1))
-		assert.NoError(t, err)
-		assert.NotNil(t, logEntry)
-
-		assert.Equal(t, "projects/1/logs/admin-activity", logEntry.LogName)
-		assert.Nil(t, logEntry.Labels)
-		assert.Equal(t, auditV1.LogSeverity_LOG_SEVERITY_DEFAULT, logEntry.Severity)
-		assert.NotNil(t, logEntry.Timestamp)
-		assert.Nil(t, logEntry.CorrelationId)
-		assert.Regexp(t, "[0-9]+/eu01/worker-id/1", logEntry.InsertId)
-
-		assert.NotNil(t, logEntry.ProtoPayload)
-
-		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
-		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
-		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de", authenticationInfo.PrincipalId)
-		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
-		assert.Equal(t, "projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de", *authenticationInfo.ServiceAccountName)
-
-		assert.Nil(t, logEntry.ProtoPayload.AuthorizationInfo)
-		assert.Nil(t, logEntry.ProtoPayload.Metadata)
-		assert.Equal(t, "stackit.demo-service.v1.operation", logEntry.ProtoPayload.OperationName)
-		assert.Nil(t, logEntry.ProtoPayload.Request)
-
-		requestMetadata := logEntry.ProtoPayload.RequestMetadata
-		assert.NotNil(t, requestMetadata)
-		assert.Equal(t, "127.0.0.1", requestMetadata.CallerIp)
-		assert.Equal(t, "custom", requestMetadata.CallerSuppliedUserAgent)
-
-		requestAttributes := requestMetadata.RequestAttributes
-		assert.NotNil(t, requestAttributes)
-		assert.Equal(t, "/", requestAttributes.Path)
-		assert.NotNil(t, requestAttributes.Time)
-		assert.Equal(t, "localhost", requestAttributes.Host)
-		assert.Equal(t, auditV1.AttributeContext_HTTP_METHOD_POST, requestAttributes.Method)
-		assert.Nil(t, requestAttributes.Id)
-		assert.Equal(t, "https", requestAttributes.Scheme)
-		assert.Equal(t, map[string]string{"user-agent": "custom"}, requestAttributes.Headers)
-		assert.Nil(t, requestAttributes.Query)
-		assert.Equal(t, "HTTP/1.1", requestAttributes.Protocol)
-
-		requestAttributesAuth := requestAttributes.Auth
-		assert.NotNil(t, requestAttributesAuth)
-		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de/stackit%2Fserviceaccount", requestAttributesAuth.Principal)
-		assert.Equal(t, []string{"stackit", "api"}, requestAttributesAuth.Audiences)
-		assert.NotNil(t, requestAttributesAuth.Claims)
-
-		assert.Equal(t, "projects/1", logEntry.ProtoPayload.ResourceName)
-		assert.Nil(t, logEntry.ProtoPayload.Response)
-
-		responseMetadata := logEntry.ProtoPayload.ResponseMetadata
-		assert.NotNil(t, responseMetadata)
-		assert.Nil(t, responseMetadata.ErrorDetails)
-		assert.Nil(t, responseMetadata.ErrorMessage)
-		assert.Equal(t, wrapperspb.Int32(200), responseMetadata.StatusCode)
-
-		responseAttributes := responseMetadata.ResponseAttributes
-		assert.NotNil(t, responseAttributes)
-		assert.Nil(t, responseAttributes.Headers)
-		assert.Nil(t, responseAttributes.NumResponseItems)
-		assert.Nil(t, responseAttributes.Size)
-		assert.NotNil(t, responseAttributes.Time)
-
-		assert.Equal(t, "demo-service", logEntry.ProtoPayload.ServiceName)
-
-		validator, err := protovalidate.New()
-		assert.NoError(t, err)
-		err = validator.Validate(logEntry)
-		assert.NoError(t, err)
-	})
-
 	t.Run("system event", func(t *testing.T) {
 		builder := NewAuditLogEntryBuilder().
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
 			WithRequiredServiceName("demo-service").
 			WithRequiredWorkerId("worker-id").
@@ -429,7 +331,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -497,16 +399,16 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		builder := NewAuditLogEntryBuilder().
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
@@ -517,7 +419,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 			WithAuditPermission(permission).
 			WithAuditPermissionCheckResult(permissionCheckResult).
 			WithDetails(details).
-			WithEventType(pkgAuditCommon.EventTypeSystemEvent).
+			WithEventType(EventTypeSystemEvent).
 			WithLabels(map[string]string{"key": "label"}).
 			WithNumResponseItems(int64(10)).
 			WithRequestCorrelationId("correlationId").
@@ -549,21 +451,21 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		responseBodyBytes, err := ResponseBodyToBytes(responseBody)
 		assert.NoError(t, err)
 		builder := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
 			}).
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
 			WithRequiredRequestClientIp("127.0.0.1").
 			WithRequiredServiceName("demo-service").
@@ -578,21 +480,21 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 
 	t.Run("with invalid response body", func(t *testing.T) {
 		builder := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
 			}).
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.operation").
 			WithRequiredRequestClientIp("127.0.0.1").
 			WithRequiredServiceName("demo-service").
@@ -603,141 +505,13 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		assert.EqualError(t, err, "json: cannot unmarshal string into Go value of type map[string]interface {}\ninvalid response")
 		assert.Nil(t, logEntry)
 	})
-
-	t.Run("get api request", func(t *testing.T) {
-		requestBody := map[string]interface{}{"key": "response"}
-		requestBodyBytes, err := ResponseBodyToBytes(requestBody)
-		assert.NoError(t, err)
-		builder := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
-				Body:   requestBodyBytes,
-				Header: internalAuditApi.TestHeaders,
-				Host:   "localhost",
-				Method: "POST",
-				Scheme: "https",
-				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
-					Path:     "/",
-					RawQuery: nil,
-				},
-			}).
-			WithRequiredLocation("eu01").
-			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
-			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredRequestClientIp("127.0.0.1").
-			WithRequiredServiceName("demo-service").
-			WithRequiredWorkerId("worker-id")
-
-		// get the request before building the auditlog entry
-		apiRequest := builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, requestBodyBytes, apiRequest.Body)
-
-		logEntry, err := builder.Build(context.Background(), SequenceNumber(1))
-
-		assert.NoError(t, err)
-		assert.NotNil(t, logEntry)
-
-		// get the request after building the auditlog entry
-		apiRequest = builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, requestBodyBytes, apiRequest.Body)
-	})
-
-	t.Run("get invalid api request", func(t *testing.T) {
-		requestBodyBytes := []byte("invalid")
-		builder := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
-				Body:   requestBodyBytes,
-				Header: internalAuditApi.TestHeaders,
-				Host:   "localhost",
-				Method: "POST",
-				Scheme: "https",
-				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
-					Path:     "/",
-					RawQuery: nil,
-				},
-			}).
-			WithRequiredLocation("eu01").
-			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
-			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredRequestClientIp("127.0.0.1").
-			WithRequiredServiceName("demo-service").
-			WithRequiredWorkerId("worker-id")
-
-		// get the request before building the auditlog entry
-		apiRequest := builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, requestBodyBytes, apiRequest.Body)
-
-		logEntry, err := builder.Build(context.Background(), SequenceNumber(1))
-
-		assert.EqualError(t, err, "invalid character 'i' looking for beginning of value\ninvalid request body")
-		assert.Nil(t, logEntry)
-
-		// get the request after building the auditlog entry
-		apiRequest = builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, requestBodyBytes, apiRequest.Body)
-	})
-
-	t.Run("modify request body", func(t *testing.T) {
-		requestBodyBytes := []byte("{\"key\":\"value\"}")
-		builder := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
-				Body:   requestBodyBytes,
-				Header: internalAuditApi.TestHeaders,
-				Host:   "localhost",
-				Method: "POST",
-				Scheme: "https",
-				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
-					Path:     "/",
-					RawQuery: nil,
-				},
-			}).
-			WithRequiredLocation("eu01").
-			WithRequiredObjectId("1").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
-			WithRequiredOperation("stackit.demo-service.v1.operation").
-			WithRequiredRequestClientIp("127.0.0.1").
-			WithRequiredServiceName("demo-service").
-			WithRequiredWorkerId("worker-id")
-
-		// get the request before building the auditlog entry
-		apiRequest := builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, requestBodyBytes, apiRequest.Body)
-
-		// update the request body
-		updatedBodyBytes := []byte("{\"key\":\"updated\"}")
-		apiRequest.Body = updatedBodyBytes
-
-		// build the audit log entry
-		logEntry, err := builder.Build(context.Background(), SequenceNumber(1))
-		assert.NoError(t, err)
-		assert.NotNil(t, logEntry)
-
-		// check the request body from the serialized event
-		requestBodyJson, err := logEntry.ProtoPayload.Request.MarshalJSON()
-		assert.NoError(t, err)
-		assert.Equal(t, updatedBodyBytes, requestBodyJson)
-
-		// check the request after building the auditlog entry
-		apiRequest = builder.GetApiRequest()
-		assert.NotNil(t, apiRequest)
-		assert.Equal(t, updatedBodyBytes, apiRequest.Body)
-	})
 }
 
 func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("nothing set", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		cloudEvent, routingIdentifier, err := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			Build(context.Background(), SequenceNumber(1))
@@ -750,44 +524,44 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("details missing", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		cloudEvent, routingIdentifier, err := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithRequiredObjectId("objectId").
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			Build(context.Background(), SequenceNumber(1))
 
 		assert.Error(t, err)
-		assert.Equal(t, "validation errors:\n - log_name: value does not match regex pattern `^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$`\n - proto_payload.operation_name: value is required\n - proto_payload.resource_name: value does not match regex pattern `^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$`\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required\n - proto_payload.request_metadata.request_attributes.method: value is required\n - proto_payload.request_metadata.request_attributes.headers: value is required\n - proto_payload.request_metadata.request_attributes.path: value is required\n - proto_payload.request_metadata.request_attributes.host: value is required\n - proto_payload.request_metadata.request_attributes.scheme: value is required\n - proto_payload.request_metadata.request_attributes.protocol: value is required", err.Error())
+		assert.Equal(t, "validation error:\n - log_name: value does not match regex pattern `^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$` [string.pattern]\n - proto_payload.operation_name: value is required [required]\n - proto_payload.resource_name: value does not match regex pattern `^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$` [string.pattern]\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required [required]\n - proto_payload.request_metadata.request_attributes.method: value is required [required]\n - proto_payload.request_metadata.request_attributes.headers: value is required [required]\n - proto_payload.request_metadata.request_attributes.path: value is required [required]\n - proto_payload.request_metadata.request_attributes.host: value is required [required]\n - proto_payload.request_metadata.request_attributes.scheme: value is required [required]\n - proto_payload.request_metadata.request_attributes.protocol: value is required [required]", err.Error())
 		assert.Nil(t, cloudEvent)
 		assert.Nil(t, routingIdentifier)
 	})
 
 	t.Run("required only", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		objectId := uuid.NewString()
 		operation := "stackit.demo-service.v1.operation"
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithRequiredObjectId(objectId).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation(operation).
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
 			}).
 			WithRequiredRequestClientIp("127.0.0.1")
 
-		routableIdentifier := pkgAuditCommon.RoutableIdentifier{Identifier: objectId, Type: pkgAuditCommon.ObjectTypeProject}
+		routableIdentifier := RoutableIdentifier{Identifier: objectId, Type: ObjectTypeProject}
 
 		cloudEvent, routingIdentifier, err := builder.Build(context.Background(), SequenceNumber(1))
 		assert.NoError(t, err)
@@ -830,7 +604,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -889,7 +663,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("with details", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		objectId := uuid.NewString()
 		operation := "stackit.demo-service.v1.operation"
@@ -903,16 +677,16 @@ func Test_AuditEventBuilder(t *testing.T) {
 		assert.NoError(t, err)
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithRequiredObjectId(objectId).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation(operation).
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
@@ -921,7 +695,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 			WithAuditPermission(permission).
 			WithAuditPermissionCheckResult(permissionCheckResult).
 			WithDetails(details).
-			WithEventType(pkgAuditCommon.EventTypeAdminActivity).
+			WithEventType(EventTypeAdminActivity).
 			WithLabels(map[string]string{"key": "label"}).
 			WithNumResponseItems(int64(10)).
 			WithRequestCorrelationId("correlationId").
@@ -934,7 +708,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 			WithStatusCode(400).
 			WithVisibility(auditV1.Visibility_VISIBILITY_PRIVATE)
 
-		routableIdentifier := pkgAuditCommon.RoutableIdentifier{Identifier: objectId, Type: pkgAuditCommon.ObjectTypeProject}
+		routableIdentifier := RoutableIdentifier{Identifier: objectId, Type: ObjectTypeProject}
 
 		cloudEvent, routingIdentifier, err := builder.Build(context.Background(), SequenceNumber(1))
 		assert.NoError(t, err)
@@ -977,7 +751,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -1043,13 +817,13 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("system event with object reference", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		objectId := uuid.NewString()
 		operation := "stackit.demo-service.v1.operation"
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithRequiredObjectId(objectId).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation(operation).
 			AsSystemEvent()
 
@@ -1057,8 +831,8 @@ func Test_AuditEventBuilder(t *testing.T) {
 		assert.NoError(t, err)
 		assert.True(t, builder.IsBuilt())
 
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Identifier, routingIdentifier.ToObjectIdentifier().Identifier)
+		assert.Equal(t, SystemIdentifier.Identifier, routingIdentifier.ToObjectIdentifier().Identifier)
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Type, routingIdentifier.ToObjectIdentifier().Type)
+		assert.Equal(t, SystemIdentifier.Type, routingIdentifier.ToObjectIdentifier().Type)
 
 		assert.NotNil(t, cloudEvent)
 		assert.Equal(t, "application/cloudevents+protobuf", cloudEvent.DataContentType)
@@ -1075,8 +849,8 @@ func Test_AuditEventBuilder(t *testing.T) {
 		assert.NotNil(t, cloudEvent.Data)
 		assert.NoError(t, proto.Unmarshal(cloudEvent.Data, &routableAuditEvent))
 
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Identifier, routableAuditEvent.ObjectIdentifier.Identifier)
+		assert.Equal(t, SystemIdentifier.Identifier, routableAuditEvent.ObjectIdentifier.Identifier)
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Type, routableAuditEvent.ObjectIdentifier.Type)
+		assert.Equal(t, SystemIdentifier.Type, routableAuditEvent.ObjectIdentifier.Type)
 		assert.Equal(t, auditV1.Visibility_VISIBILITY_PRIVATE, routableAuditEvent.Visibility)
 		assert.Equal(t, operation, routableAuditEvent.OperationName)
 
@@ -1095,7 +869,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -1155,7 +929,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("system event", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		operation := "stackit.demo-service.v1.operation"
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
@@ -1166,8 +940,8 @@ func Test_AuditEventBuilder(t *testing.T) {
 		assert.NoError(t, err)
 		assert.True(t, builder.IsBuilt())
 
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Identifier, routingIdentifier.ToObjectIdentifier().Identifier)
+		assert.Equal(t, SystemIdentifier.Identifier, routingIdentifier.ToObjectIdentifier().Identifier)
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Type, routingIdentifier.ToObjectIdentifier().Type)
+		assert.Equal(t, SystemIdentifier.Type, routingIdentifier.ToObjectIdentifier().Type)
 
 		assert.NotNil(t, cloudEvent)
 		assert.Equal(t, "application/cloudevents+protobuf", cloudEvent.DataContentType)
@@ -1184,8 +958,8 @@ func Test_AuditEventBuilder(t *testing.T) {
 		assert.NotNil(t, cloudEvent.Data)
 		assert.NoError(t, proto.Unmarshal(cloudEvent.Data, &routableAuditEvent))
 
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Identifier, routableAuditEvent.ObjectIdentifier.Identifier)
+		assert.Equal(t, SystemIdentifier.Identifier, routableAuditEvent.ObjectIdentifier.Identifier)
-		assert.Equal(t, pkgAuditCommon.SystemIdentifier.Type, routableAuditEvent.ObjectIdentifier.Type)
+		assert.Equal(t, SystemIdentifier.Type, routableAuditEvent.ObjectIdentifier.Type)
 		assert.Equal(t, auditV1.Visibility_VISIBILITY_PRIVATE, routableAuditEvent.Visibility)
 		assert.Equal(t, operation, routableAuditEvent.OperationName)
 
@@ -1204,7 +978,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@@ -1264,7 +1038,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("with response body unserialized", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		objectId := uuid.NewString()
 		operation := "stackit.demo-service.v1.operation"
@@ -1276,16 +1050,16 @@ func Test_AuditEventBuilder(t *testing.T) {
 		responseBody := map[string]interface{}{"key": "response"}
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithRequiredObjectId(objectId).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation(operation).
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "POST",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
@@ -1294,7 +1068,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 			WithAuditPermission(permission).
 			WithAuditPermissionCheckResult(permissionCheckResult).
 			WithDetails(details).
-			WithEventType(pkgAuditCommon.EventTypeAdminActivity).
+			WithEventType(EventTypeAdminActivity).
 			WithLabels(map[string]string{"key": "label"}).
 			WithNumResponseItems(int64(10)).
 			WithRequestCorrelationId("correlationId").
@@ -1307,7 +1081,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 			WithStatusCode(400).
 			WithVisibility(auditV1.Visibility_VISIBILITY_PRIVATE)
 
-		routableIdentifier := pkgAuditCommon.RoutableIdentifier{Identifier: objectId, Type: pkgAuditCommon.ObjectTypeProject}
+		routableIdentifier := RoutableIdentifier{Identifier: objectId, Type: ObjectTypeProject}
 
 		cloudEvent, routingIdentifier, err := builder.Build(context.Background(), SequenceNumber(1))
 		assert.NoError(t, err)
@@ -1337,7 +1111,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("mark as built", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01")
 		builder.MarkAsBuilt()
@@ -1347,7 +1121,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("no entry builder", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		cloudEvent, routingIdentifier, err := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01").
 			WithAuditLogEntryBuilder(nil).Build(context.Background(), SequenceNumber(1))
@@ -1359,7 +1133,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("next sequence number", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01")
 		assert.Equal(t, SequenceNumber(0), builder.NextSequenceNumber())
@@ -1368,7 +1142,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 
 	t.Run("revert sequence number", func(t *testing.T) {
 		api, _ := NewMockAuditApi()
-		sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+		sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 		builder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", "worker-id", "eu01")
 		assert.Equal(t, SequenceNumber(0), builder.NextSequenceNumber())

audit/api/converter.go

@@ -1,4 +1,4 @@
-package common
+package api
 
 import (
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"

audit/api/log.go

@@ -1,23 +1,20 @@
 package api
 
 import (
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/log"
 	"encoding/json"
 	"errors"
-	"time"
-
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
-
+	"time"
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgLog "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/log"
 )
 
 // LogEvent logs an event to the terminal
-func LogEvent(event *pkgAuditCommon.CloudEvent) error {
+func LogEvent(event *CloudEvent) error {
 
 	if event.DataType == DataTypeLegacyAuditEventV1 {
-		pkgLog.AuditLogger.Info(string(event.Data))
+		log.AuditLogger.Info(string(event.Data))
 		return nil
 	} else if event.DataType != "audit.v1.RoutableAuditEvent" {
 		return errors.New("Unsupported data type " + event.DataType)
@@ -78,7 +75,7 @@ func LogEvent(event *pkgAuditCommon.CloudEvent) error {
 		return err
 	}
 
-	pkgLog.AuditLogger.Info(string(cloudEventJson))
+	log.AuditLogger.Info(string(cloudEventJson))
 	return nil
 }
 

audit/api/log_test.go

@@ -2,41 +2,37 @@ package api
 
 import (
 	"context"
-	"testing"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/audit/utils"
-
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	"buf.build/go/protovalidate"
+	"github.com/bufbuild/protovalidate-go"
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
-
+	"testing"
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	internalAuditApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/audit/api"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgAuditUtils "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/utils"
 )
 
 func Test_LogEvent(t *testing.T) {
 
 	api, _ := NewMockAuditApi()
-	sequenceNumberGenerator := pkgAuditUtils.NewDefaultSequenceNumberGenerator()
+	sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
 
 	t.Run("new format", func(t *testing.T) {
 		eventBuilder := NewAuditEventBuilder(api, sequenceNumberGenerator, "demo-service", uuid.NewString(), "eu01")
 
 		cloudEvent, _, err := eventBuilder.
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "GET",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
 			}).
 			WithRequiredObjectId(uuid.NewString()).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.project.update").
 			WithRequiredRequestClientIp("0.0.0.0").
 			Build(context.Background(), eventBuilder.NextSequenceNumber())
@@ -48,21 +44,21 @@ func Test_LogEvent(t *testing.T) {
 	t.Run("legacy format", func(t *testing.T) {
 		objectId := uuid.NewString()
 		entry, err := NewAuditLogEntryBuilder().
-			WithRequiredApiRequest(pkgAuditCommon.ApiRequest{
+			WithRequiredApiRequest(ApiRequest{
 				Body:   nil,
-				Header: internalAuditApi.TestHeaders,
+				Header: TestHeaders,
 				Host:   "localhost",
 				Method: "GET",
 				Scheme: "https",
 				Proto:  "HTTP/1.1",
-				URL: pkgAuditCommon.RequestUrl{
+				URL: RequestUrl{
 					Path:     "/",
 					RawQuery: nil,
 				},
 			}).
 			WithRequiredLocation("eu01").
 			WithRequiredObjectId(objectId).
-			WithRequiredObjectType(pkgAuditCommon.ObjectTypeProject).
+			WithRequiredObjectType(ObjectTypeProject).
 			WithRequiredOperation("stackit.demo-service.v1.project.update").
 			WithRequiredRequestClientIp("0.0.0.0").
 			WithRequiredServiceName("demo-service").
@@ -72,25 +68,25 @@ func Test_LogEvent(t *testing.T) {
 
 		validator, err := protovalidate.New()
 		assert.NoError(t, err)
-		var protoValidator pkgAuditCommon.ProtobufValidator = validator
+		var protoValidator ProtobufValidator = validator
 
-		routableIdentifier := pkgAuditCommon.RoutableIdentifier{
+		routableIdentifier := RoutableIdentifier{
 			Identifier: objectId,
-			Type:       pkgAuditCommon.ObjectTypeProject,
+			Type:       ObjectTypeProject,
 		}
 
-		routableEvent, err := internalAuditApi.ValidateAndSerializePartially(protoValidator, entry, auditV1.Visibility_VISIBILITY_PUBLIC, &routableIdentifier)
+		routableEvent, err := validateAndSerializePartially(protoValidator, entry, auditV1.Visibility_VISIBILITY_PUBLIC, &routableIdentifier)
 		assert.NoError(t, err)
 
-		legacyBytes, err := internalAuditApi.ConvertAndSerializeIntoLegacyFormat(entry, routableEvent)
+		legacyBytes, err := convertAndSerializeIntoLegacyFormat(entry, routableEvent)
 		assert.NoError(t, err)
 
-		cloudEvent := pkgAuditCommon.CloudEvent{
+		cloudEvent := CloudEvent{
 			SpecVersion:     "1.0",
 			Source:          entry.ProtoPayload.ServiceName,
 			Id:              entry.InsertId,
 			Time:            entry.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(),
-			DataContentType: pkgAuditCommon.ContentTypeCloudEventsJson,
+			DataContentType: ContentTypeCloudEventsJson,
 			DataType:        DataTypeLegacyAuditEventV1,
 			Subject:         entry.ProtoPayload.ResourceName,
 			Data:            legacyBytes,

audit/api/model.go

@@ -2,21 +2,23 @@ package api
 
 import (
 	"context"
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"net/url"
+	"github.com/google/uuid"
-	"slices"
-	"strings"
-	"time"
-
 	"github.com/lestrrat-go/jwx/v2/jwt"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
-
+	"net"
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
+	"net/url"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"regexp"
+	"slices"
+	"strings"
+	"time"
 )
 
 const EmailAddressDoNotReplyAtStackItDotCloud = "do-not-reply@stackit.cloud"
@@ -29,6 +31,66 @@ var ErrInvalidAuthorizationHeaderValue = errors.New("invalid authorization heade
 var ErrInvalidBearerToken = errors.New("invalid bearer token")
 var ErrTokenIsNotBearerToken = errors.New("token is not a bearer token")
 
+var objectTypeIdPattern = regexp.MustCompile(".*/(projects|folders|organizations)/([0-9a-fA-F-]{36})(?:/.*)?")
+
+type ApiRequest struct {
+
+	// Body
+	//
+	// Required: false
+	Body []byte
+
+	// The (HTTP) request headers / gRPC metadata.
+	//
+	// Internal IP-Addresses have to be removed (e.g. in x-forwarded-xxx headers).
+	//
+	// Required: true
+	Header map[string][]string
+
+	// The HTTP request `Host` header value.
+	//
+	// Required: true
+	Host string
+
+	// Method
+	//
+	// Required: true
+	Method string
+
+	// The URL scheme, such as `http`, `https` or `gRPC`.
+	//
+	// Required: true
+	Scheme string
+
+	// The network protocol used with the request, such as "http/1.1",
+	// "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See
+	// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+	// for details.
+	//
+	// Required: true
+	Proto string
+
+	// The url
+	//
+	// Required: true
+	URL RequestUrl
+}
+
+type RequestUrl struct {
+
+	// The gRPC / HTTP URL path.
+	//
+	// Required: true
+	Path string
+
+	// The HTTP URL query in the format of "name1=value1&name2=value2", as it
+	// appears in the first line of the HTTP request.
+	// The input should be escaped to not contain any special characters.
+	//
+	// Required: false
+	RawQuery *string
+}
+
 // AuditRequest bundles request related parameters
 type AuditRequest struct {
 
@@ -38,7 +100,7 @@ type AuditRequest struct {
 	// It should never include user-generated data, such as file contents.
 	//
 	// Required: true
-	Request *pkgAuditCommon.ApiRequest
+	Request *ApiRequest
 
 	// The IP address of the caller.
 	// For caller from internet, this will be public IPv4 or IPv6 address.
@@ -347,6 +409,24 @@ func NewAuditLogEntry(
 	return &event, nil
 }
 
+// GetCalledServiceNameFromRequest extracts the called service name from subdomain name
+func GetCalledServiceNameFromRequest(request *ApiRequest, fallbackName string) string {
+	if request == nil {
+		return fallbackName
+	}
+
+	var calledServiceName = fallbackName
+	host := request.Host
+	ip := net.ParseIP(host)
+	if ip == nil && !strings.Contains(host, "localhost") {
+		dotIdx := strings.Index(host, ".")
+		if dotIdx != -1 {
+			calledServiceName = host[0:dotIdx]
+		}
+	}
+	return calledServiceName
+}
+
 // NewPbInt64Value returns protobuf int64 wrapper if value is not nil.
 func NewPbInt64Value(value *int64) *wrapperspb.Int64Value {
 	if value != nil {
@@ -357,7 +437,7 @@ func NewPbInt64Value(value *int64) *wrapperspb.Int64Value {
 
 // NewRequestMetadata returns initialized protobuf RequestMetadata object.
 func NewRequestMetadata(
-	request *pkgAuditCommon.ApiRequest,
+	request *ApiRequest,
 	requestHeaders map[string]string,
 	requestId *string,
 	requestScheme string,
@@ -389,7 +469,7 @@ func NewRequestMetadata(
 
 // NewRequestAttributes returns initialized protobuf AttributeContext_Request object.
 func NewRequestAttributes(
-	request *pkgAuditCommon.ApiRequest,
+	request *ApiRequest,
 	requestHeaders map[string]string,
 	requestId *string,
 	requestScheme string,
@@ -408,7 +488,7 @@ func NewRequestAttributes(
 
 	return &auditV1.AttributeContext_Request{
 		Id:       requestId,
-		Method:   pkgAuditCommon.StringToHttpMethod(request.Method),
+		Method:   StringToHttpMethod(request.Method),
 		Headers:  requestHeaders,
 		Path:     request.URL.Path,
 		Host:     request.Host,
@@ -480,7 +560,7 @@ func NewResponseBody(response []byte) (*structpb.Struct, error) {
 }
 
 // NewRequestBody converts the request body into a protobuf struct.
-func NewRequestBody(request *pkgAuditCommon.ApiRequest) (*structpb.Struct, error) {
+func NewRequestBody(request *ApiRequest) (*structpb.Struct, error) {
 
 	if len(request.Body) == 0 {
 		return nil, nil
@@ -536,8 +616,8 @@ func FilterAndMergeHeaders(headers map[string][]string) map[string]string {
 
 // NewAuditRoutingIdentifier instantiates a new auditApi.RoutableIdentifier for
 // the given object ID and object type.
-func NewAuditRoutingIdentifier(objectId string, objectType pkgAuditCommon.ObjectType) *pkgAuditCommon.RoutableIdentifier {
+func NewAuditRoutingIdentifier(objectId string, objectType ObjectType) *RoutableIdentifier {
-	return &pkgAuditCommon.RoutableIdentifier{
+	return &RoutableIdentifier{
 		Identifier: objectId,
 		Type:       objectType,
 	}
@@ -548,7 +628,7 @@ func NewAuditRoutingIdentifier(objectId string, objectType pkgAuditCommon.Object
 //   - authenticationPrincipal - principal identifier
 //   - audiences - list of audience claims
 //   - authenticationInfo - information about the user or service-account authentication
-func AuditAttributesFromAuthorizationHeader(request *pkgAuditCommon.ApiRequest) (
+func AuditAttributesFromAuthorizationHeader(request *ApiRequest) (
 	*structpb.Struct,
 	string,
 	[]string,
@@ -558,7 +638,7 @@ func AuditAttributesFromAuthorizationHeader(request *pkgAuditCommon.ApiRequest)
 
 	var authenticationPrincipal = "none/none"
 	var principalId = "none"
-	var principalEmail *string
+	var principalEmail = EmailAddressDoNotReplyAtStackItDotCloud
 	emptyClaims, err := structpb.NewStruct(make(map[string]interface{}))
 	if err != nil {
 		return nil, authenticationPrincipal, nil, nil, err
@@ -741,15 +821,144 @@ func extractSubjectAndEmailFromActClaims(actClaim map[string]interface{}) (strin
 	return principalId, principalEmail
 }
 
-func extractSubjectAndEmail(token jwt.Token) (string, *string) {
+func extractSubjectAndEmail(token jwt.Token) (string, string) {
-	var principalEmail *string
+	var principalEmail string
 	principalId := token.Subject()
 	emailClaim, hasEmail := token.Get("email")
-	if hasEmail {
+	if !hasEmail {
-		trimmedEmail := strings.TrimSpace(fmt.Sprintf("%s", emailClaim))
+		principalEmail = EmailAddressDoNotReplyAtStackItDotCloud
-		if trimmedEmail != "" {
+	} else {
-			principalEmail = &trimmedEmail
+		principalEmail = fmt.Sprintf("%s", emailClaim)
-		}
 	}
 	return principalId, principalEmail
 }
+
+// OperationNameFromUrlPath converts the request url path into an operation name.
+// UUIDs and query parameters are filtered out, slashes replaced by dots.
+// HTTP methods are added as suffix as follows:
+//   - POST - create
+//   - PUT - update
+//   - PATCH - update
+//   - DELETE - delete
+//   - others - read
+func OperationNameFromUrlPath(path, requestMethod string) string {
+	queryIdx := strings.Index(path, "?")
+	if queryIdx != -1 {
+		path = path[:queryIdx]
+	}
+	path = strings.TrimPrefix(path, "/")
+	path = strings.TrimSuffix(path, "/")
+	split := strings.Split(path, "/")
+
+	operation := ""
+	for _, part := range split {
+		// skip uuids in path
+		_, err := uuid.Parse(part)
+		if err == nil {
+			continue
+		}
+		operation = fmt.Sprintf("%s/%s", operation, part)
+	}
+
+	operation = strings.ReplaceAll(operation, "/", ".")
+	operation = strings.TrimPrefix(operation, ".")
+	operation = strings.ToLower(operation)
+	if operation != "" {
+		method := StringToHttpMethod(requestMethod)
+		var action string
+		switch method {
+		case auditV1.AttributeContext_HTTP_METHOD_PUT,
+			auditV1.AttributeContext_HTTP_METHOD_PATCH:
+			action = "update"
+		case auditV1.AttributeContext_HTTP_METHOD_POST:
+			action = "create"
+		case auditV1.AttributeContext_HTTP_METHOD_DELETE:
+			action = "delete"
+		default:
+			action = "read"
+		}
+		operation = fmt.Sprintf("%s.%s", operation, action)
+	}
+
+	return operation
+}
+
+// OperationNameFromGrpcMethod converts the grpc path into an operation name.
+func OperationNameFromGrpcMethod(path string) string {
+	operation := strings.TrimPrefix(path, "/")
+	operation = strings.TrimSuffix(operation, "/")
+
+	operation = strings.ReplaceAll(operation, "/", ".")
+	operation = strings.TrimPrefix(operation, ".")
+	operation = strings.ToLower(operation)
+
+	return operation
+}
+
+func GetObjectIdAndTypeFromUrlPath(path string) (
+	string,
+	*ObjectType,
+	error,
+) {
+
+	// Extract object id and type from request url
+	objectTypeIdMatches := objectTypeIdPattern.FindStringSubmatch(path)
+	if len(objectTypeIdMatches) > 0 {
+		objectType := ObjectTypeFromPluralString(objectTypeIdMatches[1])
+		err := objectType.IsSupportedType()
+		if err != nil {
+			return "", nil, err
+		}
+
+		objectId := objectTypeIdMatches[2]
+
+		return objectId, &objectType, nil
+	}
+
+	return "", nil, nil
+}
+
+func ToArrayMap(input map[string]string) map[string][]string {
+	output := map[string][]string{}
+	for key, value := range input {
+		output[key] = []string{value}
+	}
+	return output
+}
+
+func StringAttributeFromMetadata(metadata map[string][]string, name string) string {
+	var value = ""
+	rawValue, hasAttribute := metadata[name]
+	if hasAttribute && len(rawValue) > 0 {
+		value = rawValue[0]
+	}
+	return value
+}
+
+// ResponseBodyToBytes converts a JSON or Protobuf response into a byte array
+func ResponseBodyToBytes(response any) ([]byte, error) {
+	if response == nil {
+		return nil, nil
+	}
+
+	responseBytes, isBytes := response.([]byte)
+	if isBytes {
+		return responseBytes, nil
+	}
+
+	responseProtoMessage, isProtoMessage := response.(proto.Message)
+	if isProtoMessage {
+		responseJson, err := protojson.Marshal(responseProtoMessage)
+		if err != nil {
+			return nil, err
+		}
+		return responseJson, nil
+	}
+
+	responseJson, err := json.Marshal(response)
+	if err != nil {
+		return nil, err
+	}
+	return responseJson, nil
+
+}

audit/api/model_test.go

@@ -1,23 +1,61 @@
 package api
 
 import (
+	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
 	"encoding/json"
 	"fmt"
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 	"net/http"
 	"net/url"
 	"testing"
 	"time"
-
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
-	"google.golang.org/protobuf/types/known/structpb"
-	"google.golang.org/protobuf/types/known/timestamppb"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
 )
 
+func Test_GetCalledServiceNameFromRequest(t *testing.T) {
+
+	t.Run("request is nil", func(t *testing.T) {
+		serviceName := GetCalledServiceNameFromRequest(nil, "resource-manager")
+		assert.Equal(t, "resource-manager", serviceName)
+	})
+
+	t.Run("localhost", func(t *testing.T) {
+		request := ApiRequest{Host: "localhost:8080"}
+		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
+		assert.Equal(t, "resource-manager", serviceName)
+	})
+
+	t.Run("cf", func(t *testing.T) {
+		request := ApiRequest{Host: "stackit-resource-manager-go-dev.apps.01.cf.eu01.stackit.cloud"}
+		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
+		assert.Equal(t, "stackit-resource-manager-go-dev", serviceName)
+	})
+
+	t.Run("cf invalid host", func(t *testing.T) {
+		request := ApiRequest{Host: ""}
+		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
+		assert.Equal(t, "resource-manager", serviceName)
+	})
+
+	t.Run("ip", func(t *testing.T) {
+		request := ApiRequest{Host: "127.0.0.1"}
+		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
+		assert.Equal(t, "resource-manager", serviceName)
+	},
+	)
+
+	t.Run("ip short", func(t *testing.T) {
+		request := ApiRequest{Host: "::1"}
+		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
+		assert.Equal(t, "resource-manager", serviceName)
+	},
+	)
+}
+
 func Test_NewPbInt64Value(t *testing.T) {
 
 	t.Run("nil", func(t *testing.T) {
@@ -85,9 +123,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 	requestHeaders["Custom"] = []string{"customHeader"}
 
 	queryString := "topic=project"
-	request := pkgAuditCommon.ApiRequest{
+	request := ApiRequest{
 		Method: "GET",
-		URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &queryString},
+		URL:    RequestUrl{Path: "/audit/new", RawQuery: &queryString},
 		Host:   "localhost:8080",
 		Proto:  "HTTP/1.1",
 		Scheme: "http",
@@ -149,9 +187,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 	})
 
 	t.Run("without query parameters", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "GET",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new"},
+			URL:    RequestUrl{Path: "/audit/new"},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Header: requestHeaders,
@@ -175,9 +213,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 
 	t.Run("with empty query parameters", func(t *testing.T) {
 		emptyQuery := ""
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "GET",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &emptyQuery},
+			URL:    RequestUrl{Path: "/audit/new", RawQuery: &emptyQuery},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Header: requestHeaders,
@@ -200,9 +238,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 	})
 
 	t.Run("without request id", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "GET",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &queryString},
+			URL:    RequestUrl{Path: "/audit/new", RawQuery: &queryString},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Header: requestHeaders,
@@ -224,9 +262,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 	t.Run("various default http methods", func(t *testing.T) {
 		httpMethods := []string{"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
 		for _, httpMethod := range httpMethods {
-			request := pkgAuditCommon.ApiRequest{
+			request := ApiRequest{
 				Method: httpMethod,
-				URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &queryString},
+				URL:    RequestUrl{Path: "/audit/new", RawQuery: &queryString},
 				Host:   "localhost:8080",
 				Proto:  "HTTP/1.1",
 				Header: requestHeaders,
@@ -248,9 +286,9 @@ func Test_NewRequestMetadata(t *testing.T) {
 	})
 
 	t.Run("unknown http method", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &queryString},
+			URL:    RequestUrl{Path: "/audit/new", RawQuery: &queryString},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Header: requestHeaders,
@@ -339,7 +377,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		headerValue := "Basic username:password"
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{headerValue}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		_, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request)
 		assert.ErrorIs(t, err, ErrTokenIsNotBearerToken)
@@ -349,7 +387,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		headerValue := "a b c"
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{headerValue}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		_, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request)
 		assert.ErrorIs(t, err, ErrInvalidAuthorizationHeaderValue)
@@ -359,7 +397,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		headerValue := "Bearer a.b.c.d"
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{headerValue}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		_, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request)
 		assert.ErrorIs(t, err, ErrInvalidBearerToken)
@@ -369,7 +407,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		headerValue := "Bearer a.b.c"
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{headerValue}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		_, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request)
 		assert.ErrorIs(t, err, ErrInvalidBearerToken)
@@ -378,7 +416,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("client credentials token", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{clientCredentialsToken}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -404,7 +442,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit-resource-manager-dev"}, audiences)
 
 		assert.Equal(t, "stackit-resource-manager-dev", authenticationInfo.PrincipalId)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "do-not-reply@stackit.cloud", authenticationInfo.PrincipalEmail)
 
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@@ -413,7 +451,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("service account access token", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{serviceAccountToken}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -442,47 +480,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 
 		assert.Equal(t, "10f38b01-534b-47bb-a03a-e294ca2be4de", authenticationInfo.PrincipalId)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
-
-		assert.Equal(t,
-			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de",
-			*authenticationInfo.ServiceAccountName)
-		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
-	})
-
-	t.Run("service account access token with underscore in subject", func(t *testing.T) {
-		headers := make(map[string][]string)
-		headers["Authorization"] = []string{serviceAccountTokenUnderscoreSubject}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
-
-		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
-			AuditAttributesFromAuthorizationHeader(&request)
-		assert.Nil(t, err)
-
-		auditClaimsMap := auditClaims.AsMap()
-		assert.Len(t, auditClaimsMap, 12)
-		assert.Equal(t, []interface{}{"stackit", "api"}, auditClaimsMap["aud"])
-		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", auditClaimsMap["azp"])
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", auditClaimsMap["email"])
-		assert.Equal(t, "2024-08-03 07:15:43 +0000 UTC", auditClaimsMap["exp"])
-		assert.Equal(t, "2024-08-02 07:15:43 +0000 UTC", auditClaimsMap["iat"])
-		assert.Equal(t, "stackit/serviceaccount", auditClaimsMap["iss"])
-		assert.Equal(t, "84c30a46-1001-436f-859f-89c0ba19be1e", auditClaimsMap["jti"])
-		assert.Equal(t, "api", auditClaimsMap["stackit/serviceaccount/namespace"])
-		assert.Equal(t, "10f38b01-534b-47bb-a03a-e294ca2be4de", auditClaimsMap[TokenClaimStackitServiceAccountId])
-		assert.Equal(t, "legacy", auditClaimsMap["stackit/serviceaccount/token.source"])
-		assert.Equal(t, "dacc7830-843e-4c5e-86ff-aa0fb51d636f", auditClaimsMap[TokenClaimStackitProjectId])
-		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de", auditClaimsMap["sub"])
-
-		principal := fmt.Sprintf("%s/%s",
-			url.QueryEscape("10f38b01_534b_47bb_a03a_e294ca2be4de"),
-			url.QueryEscape("stackit/serviceaccount"))
-		assert.Equal(t, principal, authenticationPrincipal)
-
-		assert.Equal(t, []string{"stackit", "api"}, audiences)
-
-		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de", authenticationInfo.PrincipalId)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
 
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de",
@@ -493,7 +491,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("impersonated token of access token", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{serviceAccountTokenImpersonated}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -526,7 +524,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 
 		assert.Equal(t, "f45009b2-6433-43c1-b6c7-618c44359e71", authenticationInfo.PrincipalId)
-		assert.Equal(t, "service-account-2-tj9srt1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "service-account-2-tj9srt1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/f45009b2-6433-43c1-b6c7-618c44359e71",
@@ -541,7 +539,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("impersonated token of impersonated access token", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{serviceAccountTokenRepeatedlyImpersonated}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -577,7 +575,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 
 		assert.Equal(t, "1734b4b6-1d5e-4819-9b50-29917a1b9ad5", authenticationInfo.PrincipalId)
-		assert.Equal(t, "service-account-3-fghsxw1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "service-account-3-fghsxw1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/1734b4b6-1d5e-4819-9b50-29917a1b9ad5",
@@ -594,7 +592,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("user token", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{userToken}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -622,7 +620,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit-portal-login-dev-client-id"}, audiences)
 
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@@ -631,7 +629,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 	t.Run("user token with simple aud claim", func(t *testing.T) {
 		headers := make(map[string][]string)
 		headers["Authorization"] = []string{userTokenWithSimpleAudience}
-		request := pkgAuditCommon.ApiRequest{Header: headers}
+		request := ApiRequest{Header: headers}
 
 		auditClaims, authenticationPrincipal, audiences, authenticationInfo, err :=
 			AuditAttributesFromAuthorizationHeader(&request)
@@ -657,7 +655,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"https://stackit-service-account-dev.apps.01.cf.eu01.stackit.cloud"}, audiences)
 
 		assert.Equal(t, "5e426aed-c487-4c48-af25-87f69cf9cdd4", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Lukas.Schmitt@stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Lukas.Schmitt@stackit.cloud", authenticationInfo.PrincipalEmail)
 
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@@ -673,9 +671,9 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		requestHeaders["User-Agent"] = []string{userAgent}
 		requestHeaders["Custom"] = []string{"customHeader"}
 
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "GET",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new"},
+			URL:    RequestUrl{Path: "/audit/new"},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Scheme: "http",
@@ -702,7 +700,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		}
 
 		objectId := uuid.NewString()
-		logName := fmt.Sprintf("projects/%s/logs/%s", objectId, pkgAuditCommon.EventTypeAdminActivity)
+		logName := fmt.Sprintf("projects/%s/logs/%s", objectId, EventTypeAdminActivity)
 		serviceName := "resource-manager"
 		operationName := fmt.Sprintf("stackit.%s.v2.projects.updated", serviceName)
 		resourceName := fmt.Sprintf("projects/%s", objectId)
@@ -756,7 +754,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		authenticationInfo := payload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 
@@ -782,9 +780,9 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		requestBody["key"] = "request"
 		requestBodyBytes, _ := json.Marshal(requestBody)
 		query := "topic=project"
-		request := pkgAuditCommon.ApiRequest{
+		request := ApiRequest{
 			Method: "GET",
-			URL:    pkgAuditCommon.RequestUrl{Path: "/audit/new", RawQuery: &query},
+			URL:    RequestUrl{Path: "/audit/new", RawQuery: &query},
 			Host:   "localhost:8080",
 			Proto:  "HTTP/1.1",
 			Scheme: "http",
@@ -826,7 +824,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		auditTime := time.Now().UTC()
 
 		objectId := uuid.NewString()
-		logName := fmt.Sprintf("projects/%s/logs/%s", objectId, pkgAuditCommon.EventTypeAdminActivity)
+		logName := fmt.Sprintf("projects/%s/logs/%s", objectId, EventTypeAdminActivity)
 		serviceName := "resource-manager"
 		operationName := fmt.Sprintf("stackit.%s.v2.projects.updated", serviceName)
 		resourceName := fmt.Sprintf("projects/%s", objectId)
@@ -889,7 +887,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		authenticationInfo := payload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 
@@ -923,9 +921,231 @@ func Test_NewInsertId(t *testing.T) {
 
 func Test_NewNewAuditRoutingIdentifier(t *testing.T) {
 	objectId := uuid.NewString()
-	objectType := pkgAuditCommon.ObjectTypeProject
+	objectType := ObjectTypeProject
 
 	routingIdentifier := NewAuditRoutingIdentifier(objectId, objectType)
 	assert.Equal(t, objectId, routingIdentifier.Identifier)
 	assert.Equal(t, objectType, routingIdentifier.Type)
 }
+
+func Test_OperationNameFromUrlPath(t *testing.T) {
+
+	t.Run("empty path", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("", "GET")
+		assert.Equal(t, "", operationName)
+	})
+
+	t.Run("root path", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/", "GET")
+		assert.Equal(t, "", operationName)
+	})
+
+	t.Run("path without version", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "GET")
+		assert.Equal(t, "projects.read", operationName)
+	})
+
+	t.Run("path with uuid without version", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects/ac51bbd2-cb23-441b-a2ee-5393189695aa", "GET")
+		assert.Equal(t, "projects.read", operationName)
+	})
+
+	t.Run("path with uuid and version", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/v2/projects/ac51bbd2-cb23-441b-a2ee-5393189695aa", "GET")
+		assert.Equal(t, "v2.projects.read", operationName)
+	})
+
+	t.Run("concatenated path", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/v2/organizations/ac51bbd2-cb23-441b-a2ee-5393189695aa/folders/167fc176-9d8e-477b-a56c-b50d7b26adcf/projects/0a2a4f9b-4e67-4562-ad02-c2d200e05aa6/audit/policy", "GET")
+		assert.Equal(t, "v2.organizations.folders.projects.audit.policy.read", operationName)
+	})
+
+	t.Run("path with query params", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/v2/organizations/ac51bbd2-cb23-441b-a2ee-5393189695aa/audit/policy?since=2024-08-27", "GET")
+		assert.Equal(t, "v2.organizations.audit.policy.read", operationName)
+	})
+
+	t.Run("path trailing slash", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects/ac51bbd2-cb23-441b-a2ee-5393189695aa/", "GET")
+		assert.Equal(t, "projects.read", operationName)
+	})
+
+	t.Run("path trailing slash and query params", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects/ac51bbd2-cb23-441b-a2ee-5393189695aa/?changeDate=2024-10-13", "GET")
+		assert.Equal(t, "projects.read", operationName)
+	})
+
+	t.Run("http method post", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "POST")
+		assert.Equal(t, "projects.create", operationName)
+	})
+
+	t.Run("http method put", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "PUT")
+		assert.Equal(t, "projects.update", operationName)
+	})
+
+	t.Run("http method patch", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "PATCH")
+		assert.Equal(t, "projects.update", operationName)
+	})
+
+	t.Run("http method delete", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "DELETE")
+		assert.Equal(t, "projects.delete", operationName)
+	})
+
+	t.Run("operation name fallback on options", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "OPTIONS")
+		assert.Equal(t, "projects.read", operationName)
+	})
+
+	t.Run("operation name fallback on unknown", func(t *testing.T) {
+		operationName := OperationNameFromUrlPath("/projects", "UNKNOWN")
+		assert.Equal(t, "projects.read", operationName)
+	})
+}
+
+func Test_OperationNameFromGrpcMethod(t *testing.T) {
+
+	t.Run("empty path", func(t *testing.T) {
+		operationName := OperationNameFromGrpcMethod("")
+		assert.Equal(t, "", operationName)
+	})
+
+	t.Run("root path", func(t *testing.T) {
+		operationName := OperationNameFromGrpcMethod("/")
+		assert.Equal(t, "", operationName)
+	})
+
+	t.Run("path without version", func(t *testing.T) {
+		operationName := OperationNameFromGrpcMethod("/example.ExampleService/ManualAuditEvent")
+		assert.Equal(t, "example.exampleservice.manualauditevent", operationName)
+	})
+
+	t.Run("path with version", func(t *testing.T) {
+		operationName := OperationNameFromGrpcMethod("/example.v1.ExampleService/ManualAuditEvent")
+		assert.Equal(t, "example.v1.exampleservice.manualauditevent", operationName)
+	})
+
+	t.Run("path trailing slash", func(t *testing.T) {
+		operationName := OperationNameFromGrpcMethod("/example.v1.ExampleService/ManualAuditEvent/")
+		assert.Equal(t, "example.v1.exampleservice.manualauditevent", operationName)
+	})
+}
+
+func Test_GetObjectIdAndTypeFromUrlPath(t *testing.T) {
+
+	t.Run("object id and type not in url", func(t *testing.T) {
+		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/projects/audit")
+		assert.NoError(t, err)
+		assert.Equal(t, "", objectId)
+		assert.Nil(t, objectType)
+	})
+
+	t.Run("object id and type in url", func(t *testing.T) {
+		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/projects/f17d4064-9b65-4334-b6a7-8fed96340124")
+		assert.NoError(t, err)
+		assert.Equal(t, "f17d4064-9b65-4334-b6a7-8fed96340124", objectId)
+		assert.Equal(t, ObjectTypeProject, *objectType)
+	})
+
+	t.Run("multiple object ids and types in url", func(t *testing.T) {
+		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/organization/8ee58bec-d496-4bb9-af8d-72fda4d78b6b/projects/f17d4064-9b65-4334-b6a7-8fed96340124")
+		assert.NoError(t, err)
+		assert.Equal(t, "f17d4064-9b65-4334-b6a7-8fed96340124", objectId)
+		assert.Equal(t, ObjectTypeProject, *objectType)
+	})
+}
+
+func Test_ToArrayMap(t *testing.T) {
+
+	t.Run("empty map", func(t *testing.T) {
+		result := ToArrayMap(map[string]string{})
+		assert.Equal(t, map[string][]string{}, result)
+	})
+
+	t.Run("empty map", func(t *testing.T) {
+		result := ToArrayMap(map[string]string{"key1": "value1", "key2": "value2"})
+		assert.Equal(t, map[string][]string{
+			"key1": {"value1"},
+			"key2": {"value2"},
+		}, result)
+	})
+}
+
+func Test_StringAttributeFromMetadata(t *testing.T) {
+
+	metadata := map[string][]string{"key1": {"value1"}, "key2": {"value2"}}
+
+	t.Run("not found", func(t *testing.T) {
+		attribute := StringAttributeFromMetadata(metadata, "key3")
+		assert.Equal(t, "", attribute)
+	})
+
+	t.Run("found", func(t *testing.T) {
+		attribute := StringAttributeFromMetadata(metadata, "key2")
+		assert.Equal(t, "value2", attribute)
+	})
+}
+
+func Test_ResponseBodyToBytes(t *testing.T) {
+
+	t.Run(
+		"nil response body", func(t *testing.T) {
+			bytes, err := ResponseBodyToBytes(nil)
+			assert.Nil(t, bytes)
+			assert.Nil(t, err)
+		},
+	)
+
+	t.Run(
+		"bytes", func(t *testing.T) {
+			responseBody := []byte("data")
+			bytes, err := ResponseBodyToBytes(responseBody)
+			assert.Nil(t, err)
+			assert.Equal(t, responseBody, bytes)
+		},
+	)
+
+	t.Run(
+		"Protobuf message", func(t *testing.T) {
+			protobufMessage := auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(ObjectTypeProject)}
+			bytes, err := ResponseBodyToBytes(&protobufMessage)
+			assert.Nil(t, err)
+
+			expected, err := protojson.Marshal(&protobufMessage)
+			assert.Nil(t, err)
+			assert.Equal(t, expected, bytes)
+		},
+	)
+
+	t.Run(
+		"struct", func(t *testing.T) {
+			type CustomObject struct {
+				Value string
+			}
+
+			responseBody := CustomObject{Value: "data"}
+			bytes, err := ResponseBodyToBytes(responseBody)
+			assert.Nil(t, err)
+
+			expected, err := json.Marshal(responseBody)
+			assert.Nil(t, err)
+			assert.Equal(t, expected, bytes)
+		},
+	)
+
+	t.Run(
+		"map", func(t *testing.T) {
+
+			responseBody := map[string]interface{}{"value": "data"}
+			bytes, err := ResponseBodyToBytes(responseBody)
+			assert.Nil(t, err)
+
+			expected, err := json.Marshal(responseBody)
+			assert.Nil(t, err)
+			assert.Equal(t, expected, bytes)
+		},
+	)
+}

audit/api/schema_validation_test.go

@@ -1,13 +1,10 @@
 package api
 
 import (
-	"testing"
-
-	"buf.build/go/protovalidate"
-	"github.com/stretchr/testify/assert"
-
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+	"github.com/bufbuild/protovalidate-go"
+	"github.com/stretchr/testify/assert"
+	"testing"
 )
 
 func Test_RoutableAuditEvent(t *testing.T) {
@@ -21,7 +18,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 			Visibility:    auditV1.Visibility_VISIBILITY_PUBLIC,
 			ObjectIdentifier: &auditV1.ObjectIdentifier{
 				Identifier: "14f7aa86-77ba-4d77-a091-a2cf3395a221",
-				Type:       string(pkgAuditCommon.ObjectTypeProject),
+				Type:       string(ObjectTypeProject),
 			},
 			Data: &auditV1.RoutableAuditEvent_UnencryptedData{UnencryptedData: &auditV1.UnencryptedData{
 				Data:         []byte("data"),
@@ -40,7 +37,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.OperationName = ""
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: operation_name: value is required")
+		assert.EqualError(t, err, "validation error:\n - operation_name: value is required [required]")
 	})
 
 	t.Run("invalid operation name", func(t *testing.T) {
@@ -48,7 +45,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.OperationName = "stackit.resource-manager.v1.INVALID.organizations.create"
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: operation_name: value does not match regex pattern `^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$`")
+		assert.EqualError(t, err, "validation error:\n - operation_name: value does not match regex pattern `^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$` [string.pattern]")
 	})
 
 	t.Run("visibility invalid", func(t *testing.T) {
@@ -56,7 +53,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Visibility = -1
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: visibility: value must be one of the defined enum values")
+		assert.EqualError(t, err, "validation error:\n - visibility: value must be one of the defined enum values [enum.defined_only]")
 	})
 
 	t.Run("visibility unspecified", func(t *testing.T) {
@@ -64,7 +61,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Visibility = auditV1.Visibility_VISIBILITY_UNSPECIFIED
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: visibility: value is required")
+		assert.EqualError(t, err, "validation error:\n - visibility: value is required [required]")
 	})
 
 	t.Run("object identifier nil", func(t *testing.T) {
@@ -72,7 +69,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier = nil
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier: value is required [required]")
 	})
 
 	t.Run("object identifier id empty", func(t *testing.T) {
@@ -80,7 +77,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Identifier = ""
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.identifier: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.identifier: value is required [required]")
 	})
 
 	t.Run("object identifier id not uuid", func(t *testing.T) {
@@ -88,7 +85,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Identifier = "invalid"
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.identifier: value must be a valid UUID")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.identifier: value must be a valid UUID [string.uuid]")
 	})
 
 	t.Run("object identifier type empty", func(t *testing.T) {
@@ -96,7 +93,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Type = ""
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.type: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.type: value is required [required]")
 	})
 
 	t.Run("data nil", func(t *testing.T) {
@@ -104,7 +101,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Data = nil
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: data: exactly one field is required in oneof")
+		assert.EqualError(t, err, "validation error:\n - data: exactly one field is required in oneof [required]")
 	})
 
 	t.Run("data empty", func(t *testing.T) {
@@ -115,7 +112,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		}}
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: unencrypted_data.data: value is required")
+		assert.EqualError(t, err, "validation error:\n - unencrypted_data.data: value is required [required]")
 	})
 
 	t.Run("data protobuf type empty", func(t *testing.T) {
@@ -126,59 +123,6 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		}}
 
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: unencrypted_data.protobuf_type: value is required")
+		assert.EqualError(t, err, "validation error:\n - unencrypted_data.protobuf_type: value is required [required]")
 	})
 }
-
-func Test_AuthenticationInfo(t *testing.T) {
-
-	validator, err := protovalidate.New()
-	assert.NoError(t, err)
-
-	email := "x@x.x"
-	newEvent := func() auditV1.AuthenticationInfo {
-		return auditV1.AuthenticationInfo{
-			PrincipalId:                  "1234567890",
-			PrincipalEmail:               &email,
-			ServiceAccountName:           nil,
-			ServiceAccountDelegationInfo: nil,
-		}
-	}
-
-	t.Run("valid event", func(t *testing.T) {
-		event := newEvent()
-		err := validator.Validate(&event)
-		assert.NoError(t, err)
-	})
-
-	t.Run("valid event without email", func(t *testing.T) {
-		event := newEvent()
-		event.PrincipalEmail = nil
-		err := validator.Validate(&event)
-		assert.NoError(t, err)
-	})
-
-	t.Run("principal id contains only whitespace", func(t *testing.T) {
-		event := newEvent()
-		event.PrincipalId = "     "
-		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: principal_id: value does not match regex pattern `.*\\S.*`")
-	})
-
-	t.Run("principal email contains only whitespace", func(t *testing.T) {
-		event := newEvent()
-		whitespaceEmail := "     "
-		event.PrincipalEmail = &whitespaceEmail
-		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: principal_email: value must be a valid email address")
-	})
-
-	t.Run("missing host in email", func(t *testing.T) {
-		event := newEvent()
-		invalidEmail := "@test.com"
-		event.PrincipalEmail = &invalidEmail
-		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: principal_email: value must be a valid email address")
-	})
-
-}

audit/api/test_data.go

@@ -4,17 +4,16 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/google/uuid"
-	"google.golang.org/protobuf/types/known/structpb"
-	"google.golang.org/protobuf/types/known/timestamppb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
+
+	"github.com/google/uuid"
+	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 const clientCredentialsToken = "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1yZXNvdXJjZS1tYW5hZ2VyLWRldiJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2IiwiZXhwIjoxNzI0NDA1MzI2LCJpYXQiOjE3MjQ0MDQ0MjYsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuZGV2LnN0YWNraXQuY2xvdWQiLCJqdGkiOiJlNDZlYmEzOC1kZWRiLTQ1NDEtOTRmMy00OWY5N2E5MzRkNTgiLCJuYmYiOjE3MjQ0MDQ0MjYsInNjb3BlIjoidWFhLm5vbmUiLCJzdWIiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2In0.JP5Uy7AMdK4ukzQ6aOYzbVwEmq0Tp2ppQGRqGOhuVQgbqs6yJ33GKXo7RPsJVLw3FR7XAxENIVqNvzGotbDXr0NjBGdzyxIHzrOaUqM4w1iLzD1KF51dXFwkoigqDdD7Ze9eI_Uo3tSn8FwGLTSoO-ONQYpnceCiGut2Gc6VIL8HOLdh8dzlRENGQtgYd-3Y5zqpoLrsR2Bd-0sv15sF-5aI0CqcC8gE70JPImKf2u_IYI-TYMDNk86YSCtaYO5-alOrHXXWwgzSoH-r2s5qoOhPbei9myV_P4fdcKXxMqfap9hImXPUooVhpdUr1AabZw3MtW7rION8tJAiauhMQA"
-const serviceAccountTokenUnderscoreSubject = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIxMGYzOGIwMV81MzRiXzQ3YmJfYTAzYV9lMjk0Y2EyYmU0ZGUiLCJhdWQiOlsic3RhY2tpdCIsImFwaSJdLCJzdGFja2l0L3NlcnZpY2VhY2NvdW50L3Rva2VuLnNvdXJjZSI6ImxlZ2FjeSIsInN0YWNraXQvc2VydmljZWFjY291bnQvbmFtZXNwYWNlIjoiYXBpIiwic3RhY2tpdC9wcm9qZWN0L3Byb2plY3QuaWQiOiJkYWNjNzgzMC04NDNlLTRjNWUtODZmZi1hYTBmYjUxZDYzNmYiLCJhenAiOiJjZDk0ZjAxYS1kZjJlLTQ0NTYtOTAyZS00OGY1ZTU3ZjBiNjMiLCJpc3MiOiJzdGFja2l0L3NlcnZpY2VhY2NvdW50Iiwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTBmMzhiMDEtNTM0Yi00N2JiLWEwM2EtZTI5NGNhMmJlNGRlIiwiZXhwIjoxNzIyNjY5MzQzLCJpYXQiOjE3MjI1ODI5NDMsImVtYWlsIjoibXktc2VydmljZS15aWZjOWUxQHNhLnN0YWNraXQuY2xvdWQiLCJqdGkiOiI4NGMzMGE0Ni0xMDAxLTQzNmYtODU5Zi04OWMwYmExOWJlMWUifQ.bfD2TxfioqaKbqFJvnV_gq5zY_aoKVD2qzySMQjubaLQ5Vx_Tj95HU0q7gdNczNgcT0tBRyUp0pE4g4bwaPpB2MtYtUUunzpwG8sOX_OBchkorhcC4N50cdF5TR2pg0SMp3L6QBo3coHVbjHvaipshCj1NvyXYzARb4dSR0adrsIGnqy3IaScty1A2XQ7PN6SX_OVmxO5swpL0I-afKvCOffnChI3qmFAL5t6sFxm8PoaCWLIrkoxdtqxw5ZqsPPOJ0qDhssTuc3nE4JrQnzX8fZH5FiBVVHGT76KUNgPFd26UsVzbGqBXK20pn3pbIQHwbRiVOh6qanjr9kvHBXpQ"
 const serviceAccountTokenRepeatedlyImpersonated = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIxNzM0YjRiNi0xZDVlLTQ4MTktOWI1MC0yOTkxN2ExYjlhZDUiLCJpc3MiOiJzdGFja2l0L3NlcnZpY2VhY2NvdW50IiwiYXVkIjpbInN0YWNraXQiLCJhcGkiXSwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC90b2tlbi5zb3VyY2UiOiJvYXV0aDIiLCJhY3QiOnsic3ViIjoiZjQ1MDA5YjItNjQzMy00M2MxLWI2YzctNjE4YzQ0MzU5ZTcxIiwiYWN0Ijp7InN1YiI6IjAyYWVmNTE2LTMxN2YtNGVjMS1hMWRmLTFhY2JkNGQ0OWZlMyJ9fSwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJhcGkiLCJzdGFja2l0L3Byb2plY3QvcHJvamVjdC5pZCI6ImRhY2M3ODMwLTg0M2UtNGM1ZS04NmZmLWFhMGZiNTFkNjM2ZiIsImF6cCI6ImY0NTAwOWIyLTY0MzMtNDNjMS1iNmM3LTYxOGM0NDM1OWU3MSIsInN0YWNraXQvc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjE3MzRiNGI2LTFkNWUtNDgxOS05YjUwLTI5OTE3YTFiOWFkNSIsImV4cCI6MTcyNDA2Mjk2MywiaWF0IjoxNzI0MDU5MzYzLCJlbWFpbCI6InNlcnZpY2UtYWNjb3VudC0zLWZnaHN4dzFAc2Euc3RhY2tpdC5jbG91ZCIsImp0aSI6IjFmN2YxZWZjLTMzNDktNDExYS1hNWQ3LTIyNTVlMGE1YThhZSJ9.c1ae17bAtyOdmwXQbK37W-NTyOxo7iER5aHS_C0fU1qKl2BjOz708GLjH-_vxx9eKPeYznfI21_xlTaAvuG4Aco9f5YDK7fooTVHnDaOSSggqcEaDzDPrNXhhKEDxotJeq9zRMVCEStcbirjTounnLbuULRbO5GSY5jo-8n2UKxSZ2j5G_SjFHajdJwmzwvOttp08tdL8ck1uDdgVNBfcm0VIdb6WmgrCIUq5rmoa-cRPkdEurNtIEgEB_9U0Xh-SpmmsvFsWWeNIKz0e_5RCIyJonm_wMkGmblGegemkYL76ypeMNXTQsly1RozDIePfzHuZOWbySHSCd-vKQa2kw"
 const serviceAccountTokenImpersonated = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJmNDUwMDliMi02NDMzLTQzYzEtYjZjNy02MThjNDQzNTllNzEiLCJpc3MiOiJzdGFja2l0L3NlcnZpY2VhY2NvdW50IiwiYXVkIjpbInN0YWNraXQiLCJhcGkiXSwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC90b2tlbi5zb3VyY2UiOiJvYXV0aDIiLCJhY3QiOnsic3ViIjoiMDJhZWY1MTYtMzE3Zi00ZWMxLWExZGYtMWFjYmQ0ZDQ5ZmUzIn0sInN0YWNraXQvc2VydmljZWFjY291bnQvbmFtZXNwYWNlIjoiYXBpIiwic3RhY2tpdC9wcm9qZWN0L3Byb2plY3QuaWQiOiJkYWNjNzgzMC04NDNlLTRjNWUtODZmZi1hYTBmYjUxZDYzNmYiLCJhenAiOiIwMmFlZjUxNi0zMTdmLTRlYzEtYTFkZi0xYWNiZDRkNDlmZTMiLCJzdGFja2l0L3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmNDUwMDliMi02NDMzLTQzYzEtYjZjNy02MThjNDQzNTllNzEiLCJleHAiOjE3MjQwNjI5MDcsImlhdCI6MTcyNDA1OTMwNywiZW1haWwiOiJzZXJ2aWNlLWFjY291bnQtMi10ajlzcnQxQHNhLnN0YWNraXQuY2xvdWQiLCJqdGkiOiIzNzU1NTE4My0wMWI5LTQyNzAtYmRjMS02OWI0ZmNmZDVlZTkifQ.auBvvsIesFMAlWOCPCPC77DrrHF7gSKZwKs_Zry5KFvu2bpZZC1BcSXOc8b9eh0SzANI9M9aGJBhOzOm39-ZZ5XOQ-6_y1aWuEenYQ6kT5D3GzCUTMDzSi1lcZ4IG5nFMa_AAlVEN_7AMv7LHGtz49bWLJnAgeTo1cvof-OgP4mCQ5O6E0iyAq-5u8V8NJL7HIZy7BDe4J1mjfYhwKagrN7QFWu4fhN4TNS7d922X_6V489BhjRFRYjLW_qDnv912JorbGRz_XwNy_dPA81EkdMyKE0BJUezguJUEKEG2_JEi9O64Flcoi6x8cFHYhaDuMMSLipzePaHdyk2lQtH7Q"
 const serviceAccountToken = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiIxMGYzOGIwMS01MzRiLTQ3YmItYTAzYS1lMjk0Y2EyYmU0ZGUiLCJhdWQiOlsic3RhY2tpdCIsImFwaSJdLCJzdGFja2l0L3NlcnZpY2VhY2NvdW50L3Rva2VuLnNvdXJjZSI6ImxlZ2FjeSIsInN0YWNraXQvc2VydmljZWFjY291bnQvbmFtZXNwYWNlIjoiYXBpIiwic3RhY2tpdC9wcm9qZWN0L3Byb2plY3QuaWQiOiJkYWNjNzgzMC04NDNlLTRjNWUtODZmZi1hYTBmYjUxZDYzNmYiLCJhenAiOiJjZDk0ZjAxYS1kZjJlLTQ0NTYtOTAyZS00OGY1ZTU3ZjBiNjMiLCJpc3MiOiJzdGFja2l0L3NlcnZpY2VhY2NvdW50Iiwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTBmMzhiMDEtNTM0Yi00N2JiLWEwM2EtZTI5NGNhMmJlNGRlIiwiZXhwIjoxNzIyNjY5MzQzLCJpYXQiOjE3MjI1ODI5NDMsImVtYWlsIjoibXktc2VydmljZS15aWZjOWUxQHNhLnN0YWNraXQuY2xvdWQiLCJqdGkiOiI4NGMzMGE0Ni0xMDAxLTQzNmYtODU5Zi04OWMwYmExOWJlMWUifQ.hb8X9VKc9xViHgNMyFHT9ePj_lyEwTV1D2es8E278WtoCJ9-4GPPQGjhcLGGrigjnvpRYV2LKzNqpQslerT5lFT_pHACsryaAE0ImYjmoe-nutA7BBpYuM_JN6pk5VIjVFLTqRKeIvFexPacqS2Vo3YoK1GvxPB8WPWBbGIsBtMl-PTm8OTwwzooBOoCRhhMR-E1lFbAymLsc1JI4yDQKLLomvhEopgmocCnQ-P1QkiKMqdkNxiD_YYLLYTOApg6d62BhqpH66ziqx493AStdZ8d5Kjvf3e1knDhaxVwNCghQj7lSo2kNAqZe__g2tiXpiZNTXBFJ_5HgQMLh67wng"
@@ -22,9 +21,8 @@ const userToken = "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My
 const userTokenWithSimpleAudience = "Bearer eyJhbGciOiJSUzUxMiIsImtpZCI6InNlcnZpY2UtYWNjb3VudC1mMDdiZjZhOC02MjA3LTRmOGItYjNlOS03M2VkMGJlYjg4ZjUiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL3N0YWNraXQtc2VydmljZS1hY2NvdW50LWRldi5hcHBzLjAxLmNmLmV1MDEuc3RhY2tpdC5jbG91ZCIsImVtYWlsIjoiTHVrYXMuU2NobWl0dEBzdGFja2l0LmNsb3VkIiwiZXhwIjoxNzMyMTgyMDM1LCJpYXQiOjE3MzIxNzg0MzUsImlzcyI6Imh0dHBzOi8vYXBpLmRldi5zdGFja2l0LmNsb3VkIiwianRpIjoiYzJiZTE2NTEtMWU1NC00ZTZlLWJhYzMtZWYwNzJiM2YwMTQ5IiwibmJmIjoxNzMyMTc4NDE4LCJyb2xlcyI6bnVsbCwic2NvcGUiOiJvcGVuaWQgZW1haWwgcG9ydGFsLWJmZiIsInN1YiI6IjVlNDI2YWVkLWM0ODctNGM0OC1hZjI1LTg3ZjY5Y2Y5Y2RkNCIsInVzZXJfaWQiOiIiLCJ4X2NsaWVudF9pZCI6IiIsInppZCI6IiJ9.notavailable"
 
 var TestHeaders = map[string][]string{"user-agent": {"custom"}, "authorization": {userToken}}
-var TestHeadersSa = map[string][]string{"user-agent": {"custom"}, "authorization": {serviceAccountTokenUnderscoreSubject}}
 
-func NewOrganizationAuditEvent(
+func newOrganizationAuditEvent(
 	customization *func(
 		*auditV1.AuditLogEntry,
 		*auditV1.ObjectIdentifier,
@@ -43,21 +41,20 @@ func NewOrganizationAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
-	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
-		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
+		LogName: fmt.Sprintf("%s/%s/logs/%s", ObjectTypeOrganization.Plural(), identifier, EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
 			ServiceName:   "resource-manager",
 			OperationName: "stackit.resourcemanager.v2.organization.created",
-			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), identifier),
+			ResourceName:  fmt.Sprintf("%s/%s", ObjectTypeOrganization.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
 			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
-				Resource:   fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), identifier),
+				Resource:   fmt.Sprintf("%s/%s", ObjectTypeOrganization.Plural(), identifier),
 				Permission: &permission,
 				Granted:    &permissionGranted,
 			}},
@@ -105,7 +102,7 @@ func NewOrganizationAuditEvent(
 
 	objectIdentifier := &auditV1.ObjectIdentifier{
 		Identifier: identifier.String(),
-		Type:       string(pkgAuditCommon.ObjectTypeOrganization),
+		Type:       string(ObjectTypeOrganization),
 	}
 
 	if customization != nil {
@@ -115,7 +112,7 @@ func NewOrganizationAuditEvent(
 	return auditEvent, objectIdentifier
 }
 
-func NewFolderAuditEvent(
+func newFolderAuditEvent(
 	customization *func(
 		*auditV1.AuditLogEntry,
 		*auditV1.ObjectIdentifier,
@@ -134,21 +131,20 @@ func NewFolderAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
-	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
-		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
+		LogName: fmt.Sprintf("%s/%s/logs/%s", ObjectTypeFolder.Plural(), identifier, EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
 			ServiceName:   "resource-manager",
 			OperationName: "stackit.resourcemanager.v2.folder.created",
-			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), identifier),
+			ResourceName:  fmt.Sprintf("%s/%s", ObjectTypeFolder.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
 			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
-				Resource:   fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), identifier),
+				Resource:   fmt.Sprintf("%s/%s", ObjectTypeFolder.Plural(), identifier),
 				Permission: &permission,
 				Granted:    &permissionGranted,
 			}},
@@ -196,7 +192,7 @@ func NewFolderAuditEvent(
 
 	objectIdentifier := &auditV1.ObjectIdentifier{
 		Identifier: identifier.String(),
-		Type:       string(pkgAuditCommon.ObjectTypeFolder),
+		Type:       string(ObjectTypeFolder),
 	}
 
 	if customization != nil {
@@ -206,7 +202,7 @@ func NewFolderAuditEvent(
 	return auditEvent, objectIdentifier
 }
 
-func NewProjectAuditEvent(
+func newProjectAuditEvent(
 	customization *func(
 		*auditV1.AuditLogEntry,
 		*auditV1.ObjectIdentifier,
@@ -225,21 +221,20 @@ func NewProjectAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
-	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
-		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
+		LogName: fmt.Sprintf("%s/%s/logs/%s", ObjectTypeProject.Plural(), identifier, EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
 			ServiceName:   "resource-manager",
 			OperationName: "stackit.resourcemanager.v2.project.created",
-			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
+			ResourceName:  fmt.Sprintf("%s/%s", ObjectTypeProject.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
 			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
-				Resource:   fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
+				Resource:   fmt.Sprintf("%s/%s", ObjectTypeProject.Plural(), identifier),
 				Permission: &permission,
 				Granted:    &permissionGranted,
 			}},
@@ -287,7 +282,7 @@ func NewProjectAuditEvent(
 
 	objectIdentifier := &auditV1.ObjectIdentifier{
 		Identifier: identifier.String(),
-		Type:       string(pkgAuditCommon.ObjectTypeProject),
+		Type:       string(ObjectTypeProject),
 	}
 
 	if customization != nil {
@@ -297,7 +292,7 @@ func NewProjectAuditEvent(
 	return auditEvent, objectIdentifier
 }
 
-func NewProjectSystemAuditEvent(
+func newProjectSystemAuditEvent(
 	customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry {
 
 	identifier := uuid.New()
@@ -311,21 +306,20 @@ func NewProjectSystemAuditEvent(
 	serviceAccountId := uuid.NewString()
 	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", identifier, serviceAccountId)
 	delegationPrincipal := auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
-	email := "service-account@sa.stackit.cloud"
 	auditEvent := &auditV1.AuditLogEntry{
-		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.SystemIdentifier.Type, pkgAuditCommon.SystemIdentifier.Identifier, pkgAuditCommon.EventTypeSystemEvent),
+		LogName: fmt.Sprintf("%s/%s/logs/%s", SystemIdentifier.Type, SystemIdentifier.Identifier, EventTypeSystemEvent),
 		ProtoPayload: &auditV1.AuditLog{
 			ServiceName:   "resource-manager",
 			OperationName: "stackit.resourcemanager.v2.system.changed",
-			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
+			ResourceName:  fmt.Sprintf("%s/%s", ObjectTypeProject.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  serviceAccountId,
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "service-account@sa.stackit.cloud",
 				ServiceAccountName:           &serviceAccountName,
 				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{&delegationPrincipal},
 			},
 			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
-				Resource:   fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
+				Resource:   fmt.Sprintf("%s/%s", ObjectTypeProject.Plural(), identifier),
 				Permission: nil,
 				Granted:    nil,
 			}},
@@ -378,7 +372,7 @@ func NewProjectSystemAuditEvent(
 	return auditEvent
 }
 
-func NewSystemAuditEvent(
+func newSystemAuditEvent(
 	customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry {
 
 	identifier := uuid.Nil
@@ -392,21 +386,20 @@ func NewSystemAuditEvent(
 	serviceAccountId := uuid.NewString()
 	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", identifier, serviceAccountId)
 	delegationPrincipal := auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
-	email := "service-account@sa.stackit.cloud"
 	auditEvent := &auditV1.AuditLogEntry{
-		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), identifier, pkgAuditCommon.EventTypeSystemEvent),
+		LogName: fmt.Sprintf("%s/%s/logs/%s", ObjectTypeSystem.Plural(), identifier, EventTypeSystemEvent),
 		ProtoPayload: &auditV1.AuditLog{
 			ServiceName:   "resource-manager",
 			OperationName: "stackit.resourcemanager.v2.system.changed",
-			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), identifier),
+			ResourceName:  fmt.Sprintf("%s/%s", ObjectTypeSystem.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  serviceAccountId,
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "service-account@sa.stackit.cloud",
 				ServiceAccountName:           &serviceAccountName,
 				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{&delegationPrincipal},
 			},
 			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
-				Resource:   fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), identifier),
+				Resource:   fmt.Sprintf("%s/%s", ObjectTypeSystem.Plural(), identifier),
 				Permission: nil,
 				Granted:    nil,
 			}},

audit/api/trace.go

@@ -2,7 +2,6 @@ package api
 
 import (
 	"context"
-
 	"go.opentelemetry.io/otel/propagation"
 )
 

audit/api/trace_test.go

@@ -2,11 +2,10 @@ package api
 
 import (
 	"context"
-	"testing"
-
 	"github.com/stretchr/testify/assert"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
+	"testing"
 )
 
 func Test_AddTraceParentAndStateToContext(t *testing.T) {

audit/messaging/amqp_config.go

@@ -1,4 +1,7 @@
-package common
+package messaging
+
+const AmqpTopicPrefix = "topic://"
+const connectionTimeoutSeconds = 10
 
 type AmqpConnectionConfig struct {
 	BrokerUrl string `json:"brokerUrl"`

audit/messaging/amqp_connection.go

@@ -4,48 +4,43 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/Azure/go-amqp"
 	"log/slog"
 	"sync"
 	"time"
-
-	"github.com/Azure/go-amqp"
-
-	pkgCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
 )
 
-const connectionTimeoutSeconds = 10
-
 var ErrConnectionClosed = errors.New("amqp connection is closed")
 
 type AmqpConnection struct {
-	ConnectionName string
+	connectionName string
-	Lock           sync.RWMutex
+	lock           sync.RWMutex
-	BrokerUrl      string
+	brokerUrl      string
-	Username       string
+	username       string
-	Password       string
+	password       string
-	Conn           AmqpConn
+	conn           amqpConn
-	Dialer         amqpDial
+	dialer         amqpDial
 }
 
-// AmqpConn is an abstraction of amqp.Conn
+// amqpConn is an abstraction of amqp.Conn
-type AmqpConn interface {
+type amqpConn interface {
-	NewSession(ctx context.Context, opts *amqp.SessionOptions) (AmqpSession, error)
+	NewSession(ctx context.Context, opts *amqp.SessionOptions) (amqpSession, error)
 	Close() error
 	Done() <-chan struct{}
 }
 
 type defaultAmqpConn struct {
-	Conn *amqp.Conn
+	conn *amqp.Conn
 }
 
 func newDefaultAmqpConn(conn *amqp.Conn) *defaultAmqpConn {
 	return &defaultAmqpConn{
-		Conn: conn,
+		conn: conn,
 	}
 }
 
-func (d defaultAmqpConn) NewSession(ctx context.Context, opts *amqp.SessionOptions) (AmqpSession, error) {
+func (d defaultAmqpConn) NewSession(ctx context.Context, opts *amqp.SessionOptions) (amqpSession, error) {
-	session, err := d.Conn.NewSession(ctx, opts)
+	session, err := d.conn.NewSession(ctx, opts)
 	if err != nil {
 		return nil, err
 	}
@@ -53,47 +48,47 @@ func (d defaultAmqpConn) NewSession(ctx context.Context, opts *amqp.SessionOptio
 }
 
 func (d defaultAmqpConn) Close() error {
-	return d.Conn.Close()
+	return d.conn.Close()
 }
 
 func (d defaultAmqpConn) Done() <-chan struct{} {
-	return d.Conn.Done()
+	return d.conn.Done()
 }
 
-var _ AmqpConn = (*defaultAmqpConn)(nil)
+var _ amqpConn = (*defaultAmqpConn)(nil)
 
 type amqpDial interface {
-	Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (AmqpConn, error)
+	Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (amqpConn, error)
 }
 
-type AmqpSession interface {
+type amqpSession interface {
-	NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (AmqpSender, error)
+	NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (amqpSender, error)
 	Close(ctx context.Context) error
 }
 
 type defaultAmqpSession struct {
-	Session *amqp.Session
+	session *amqp.Session
 }
 
 func newDefaultAmqpSession(session *amqp.Session) *defaultAmqpSession {
 	return &defaultAmqpSession{
-		Session: session,
+		session: session,
 	}
 }
 
-func (s *defaultAmqpSession) NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (AmqpSender, error) {
+func (s *defaultAmqpSession) NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (amqpSender, error) {
-	return s.Session.NewSender(ctx, target, opts)
+	return s.session.NewSender(ctx, target, opts)
 }
 
 func (s *defaultAmqpSession) Close(ctx context.Context) error {
-	return s.Session.Close(ctx)
+	return s.session.Close(ctx)
 }
 
-var _ AmqpSession = (*defaultAmqpSession)(nil)
+var _ amqpSession = (*defaultAmqpSession)(nil)
 
 type defaultAmqpDialer struct{}
 
-func (d *defaultAmqpDialer) Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (AmqpConn, error) {
+func (d *defaultAmqpDialer) Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (amqpConn, error) {
 	dial, err := amqp.Dial(ctx, addr, opts)
 	if err != nil {
 		return nil, err
@@ -103,19 +98,19 @@ func (d *defaultAmqpDialer) Dial(ctx context.Context, addr string, opts *amqp.Co
 
 var _ amqpDial = (*defaultAmqpDialer)(nil)
 
-func NewAmqpConnection(config pkgCommon.AmqpConnectionConfig, connectionName string) *AmqpConnection {
+func NewAmqpConnection(config AmqpConnectionConfig, connectionName string) *AmqpConnection {
 	return &AmqpConnection{
-		ConnectionName: connectionName,
+		connectionName: connectionName,
-		Lock:           sync.RWMutex{},
+		lock:           sync.RWMutex{},
-		BrokerUrl:      config.BrokerUrl,
+		brokerUrl:      config.BrokerUrl,
-		Username:       config.Username,
+		username:       config.Username,
-		Password:       config.Password,
+		password:       config.Password,
-		Dialer:         &defaultAmqpDialer{},
+		dialer:         &defaultAmqpDialer{},
 	}
 }
 
 func (c *AmqpConnection) NewSender(ctx context.Context, topic string) (*AmqpSenderSession, error) {
-	if c.Conn == nil {
+	if c.conn == nil {
 		return nil, errors.New("connection is not initialized")
 	}
 
@@ -123,11 +118,11 @@ func (c *AmqpConnection) NewSender(ctx context.Context, topic string) (*AmqpSend
 		return nil, ErrConnectionClosed
 	}
 
-	c.Lock.RLock()
+	c.lock.RLock()
-	defer c.Lock.RUnlock()
+	defer c.lock.RUnlock()
 
 	// new session
-	newSession, err := c.Conn.NewSession(ctx, nil)
+	newSession, err := c.conn.NewSession(ctx, nil)
 	if err != nil {
 		return nil, fmt.Errorf("new session: %w", err)
 	}
@@ -162,8 +157,8 @@ func As[T any](value any, err error) (*T, error) {
 }
 
 func (c *AmqpConnection) Connect() error {
-	c.Lock.Lock()
+	c.lock.Lock()
-	defer c.Lock.Unlock()
+	defer c.lock.Unlock()
 
 	subCtx, cancel := context.WithTimeout(context.Background(), connectionTimeoutSeconds*time.Second)
 	defer cancel()
@@ -175,11 +170,11 @@ func (c *AmqpConnection) Connect() error {
 }
 
 func (c *AmqpConnection) internalConnect(ctx context.Context) error {
-	if c.Conn == nil {
+	if c.conn == nil {
 		// Set credentials if specified
 		auth := amqp.SASLTypeAnonymous()
-		if c.Username != "" && c.Password != "" {
+		if c.username != "" && c.password != "" {
-			auth = amqp.SASLTypePlain(c.Username, c.Password)
+			auth = amqp.SASLTypePlain(c.username, c.password)
 		} else {
 			slog.Debug("amqp connection: connect: using anonymous messaging")
 		}
@@ -188,18 +183,18 @@ func (c *AmqpConnection) internalConnect(ctx context.Context) error {
 		}
 
 		// Initialize connection
-		conn, err := c.Dialer.Dial(ctx, c.BrokerUrl, options)
+		conn, err := c.dialer.Dial(ctx, c.brokerUrl, options)
 		if err != nil {
 			return fmt.Errorf("dial: %w", err)
 		}
-		c.Conn = conn
+		c.conn = conn
 	}
 	return nil
 }
 
 func (c *AmqpConnection) Close() error {
-	c.Lock.Lock()
+	c.lock.Lock()
-	defer c.Lock.Unlock()
+	defer c.lock.Unlock()
 
 	if err := c.internalClose(); err != nil {
 		return fmt.Errorf("internal close: %w", err)
@@ -208,28 +203,28 @@ func (c *AmqpConnection) Close() error {
 }
 
 func (c *AmqpConnection) internalClose() error {
-	if c.Conn != nil {
+	if c.conn != nil {
-		if err := c.Conn.Close(); err != nil {
+		if err := c.conn.Close(); err != nil {
 			return fmt.Errorf("connection close: %w", err)
 		}
-		c.Conn = nil
+		c.conn = nil
 	}
 	return nil
 }
 
 func (c *AmqpConnection) IsClosed() bool {
-	c.Lock.RLock()
+	c.lock.RLock()
-	defer c.Lock.RUnlock()
+	defer c.lock.RUnlock()
 
 	return c.internalIsClosed()
 }
 
 func (c *AmqpConnection) internalIsClosed() bool {
-	if c.Conn == nil {
+	if c.conn == nil {
 		return true
 	}
 	select {
-	case <-c.Conn.Done():
+	case <-c.conn.Done():
 		return true
 	default:
 		return false

audit/messaging/amqp_connection_pool.go

@@ -5,17 +5,15 @@ import (
 	"fmt"
 	"log/slog"
 	"sync"
-
-	pkgCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
 )
 
 type connectionProvider interface {
-	NewAmqpConnection(config pkgCommon.AmqpConnectionConfig, connectionName string) *AmqpConnection
+	NewAmqpConnection(config AmqpConnectionConfig, connectionName string) *AmqpConnection
 }
 
 type defaultAmqpConnectionProvider struct{}
 
-func (p defaultAmqpConnectionProvider) NewAmqpConnection(config pkgCommon.AmqpConnectionConfig, connectionName string) *AmqpConnection {
+func (p defaultAmqpConnectionProvider) NewAmqpConnection(config AmqpConnectionConfig, connectionName string) *AmqpConnection {
 	return NewAmqpConnection(config, connectionName)
 }
 
@@ -28,37 +26,37 @@ type ConnectionPool interface {
 }
 
 type AmqpConnectionPool struct {
-	Config             pkgCommon.AmqpConnectionPoolConfig
+	config             AmqpConnectionPoolConfig
-	ConnectionName     string
+	connectionName     string
-	Connections        []*AmqpConnection
+	connections        []*AmqpConnection
-	ConnectionProvider connectionProvider
+	connectionProvider connectionProvider
-	HandleOffset       int
+	handleOffset       int
-	Lock               sync.RWMutex
+	lock               sync.RWMutex
 }
 
 type ConnectionPoolHandle struct {
-	ConnectionOffset int
+	connectionOffset int
 }
 
-func NewDefaultAmqpConnectionPool(config pkgCommon.AmqpConnectionConfig, connectionName string) (ConnectionPool, error) {
+func NewDefaultAmqpConnectionPool(config AmqpConnectionConfig, connectionName string) (ConnectionPool, error) {
-	poolConfig := pkgCommon.AmqpConnectionPoolConfig{
+	poolConfig := AmqpConnectionPoolConfig{
 		Parameters: config,
 		PoolSize:   2,
 	}
 	return NewAmqpConnectionPool(poolConfig, connectionName)
 }
 
-func NewAmqpConnectionPool(config pkgCommon.AmqpConnectionPoolConfig, connectionName string) (ConnectionPool, error) {
+func NewAmqpConnectionPool(config AmqpConnectionPoolConfig, connectionName string) (ConnectionPool, error) {
 	if config.PoolSize == 0 {
 		config.PoolSize = 2
 	}
 	pool := &AmqpConnectionPool{
-		Config:             config,
+		config:             config,
-		ConnectionName:     connectionName,
+		connectionName:     connectionName,
-		Connections:        make([]*AmqpConnection, 0),
+		connections:        make([]*AmqpConnection, 0),
-		ConnectionProvider: defaultAmqpConnectionProvider{},
+		connectionProvider: defaultAmqpConnectionProvider{},
-		HandleOffset:       0,
+		handleOffset:       0,
-		Lock:               sync.RWMutex{},
+		lock:               sync.RWMutex{},
 	}
 
 	if err := pool.initializeConnections(); err != nil {
@@ -72,11 +70,11 @@ func NewAmqpConnectionPool(config pkgCommon.AmqpConnectionPoolConfig, connection
 }
 
 func (p *AmqpConnectionPool) initializeConnections() error {
-	if len(p.Connections) < p.Config.PoolSize {
+	if len(p.connections) < p.config.PoolSize {
-		p.Lock.Lock()
+		p.lock.Lock()
-		defer p.Lock.Unlock()
+		defer p.lock.Unlock()
 
-		numMissingConnections := p.Config.PoolSize - len(p.Connections)
+		numMissingConnections := p.config.PoolSize - len(p.connections)
 
 		for i := 0; i < numMissingConnections; i++ {
 			if err := p.internalAddConnection(); err != nil {
@@ -92,12 +90,12 @@ func (p *AmqpConnectionPool) internalAddConnection() error {
 	if err != nil {
 		return fmt.Errorf("new connection: %w", err)
 	}
-	p.Connections = append(p.Connections, newConnection)
+	p.connections = append(p.connections, newConnection)
 	return nil
 }
 
 func (p *AmqpConnectionPool) internalNewConnection() (*AmqpConnection, error) {
-	conn := p.ConnectionProvider.NewAmqpConnection(p.Config.Parameters, p.ConnectionName)
+	conn := p.connectionProvider.NewAmqpConnection(p.config.Parameters, p.connectionName)
 	if err := conn.Connect(); err != nil {
 		slog.Warn("amqp connection: failed to connect to amqp broker", slog.Any("err", err))
 
@@ -116,18 +114,18 @@ func (p *AmqpConnectionPool) internalNewConnection() (*AmqpConnection, error) {
 }
 
 func (p *AmqpConnectionPool) Close() error {
-	p.Lock.Lock()
+	p.lock.Lock()
-	defer p.Lock.Unlock()
+	defer p.lock.Unlock()
 
 	closeErrors := make([]error, 0)
-	for _, conn := range p.Connections {
+	for _, conn := range p.connections {
 		if conn != nil {
 			if err := conn.Close(); err != nil {
 				closeErrors = append(closeErrors, fmt.Errorf("pooled connection: %w", err))
 			}
 		}
 	}
-	p.Connections = make([]*AmqpConnection, p.Config.PoolSize)
+	p.connections = make([]*AmqpConnection, p.config.PoolSize)
 	if len(closeErrors) > 0 {
 		return errors.Join(closeErrors...)
 	}
@@ -135,16 +133,16 @@ func (p *AmqpConnectionPool) Close() error {
 }
 
 func (p *AmqpConnectionPool) NewHandle() *ConnectionPoolHandle {
-	p.Lock.Lock()
+	p.lock.Lock()
-	defer p.Lock.Unlock()
+	defer p.lock.Unlock()
 
-	offset := p.HandleOffset
+	offset := p.handleOffset
-	p.HandleOffset++
+	p.handleOffset++
 
-	offset %= p.Config.PoolSize
+	offset %= p.config.PoolSize
 
 	return &ConnectionPoolHandle{
-		ConnectionOffset: offset,
+		connectionOffset: offset,
 	}
 }
 
@@ -154,16 +152,16 @@ func (p *AmqpConnectionPool) GetConnection(handle *ConnectionPoolHandle) (*AmqpC
 
 	// renew the requested connection if the request connection is closed
 	if conn == nil || addConnection {
-		p.Lock.Lock()
+		p.lock.Lock()
 
 		// check that accessing the pool only with a valid index (out of bounds should only occur on shutdown)
 		connectionIndex := p.connectionIndex(handle, 0)
-		if p.Connections[connectionIndex] == nil {
+		if p.connections[connectionIndex] == nil {
 			connection, err := p.internalNewConnection()
 			if err != nil {
 				if conn == nil {
 					// case: connection could not be renewed and no connection to return has been found
-					p.Lock.Unlock()
+					p.lock.Unlock()
 					return nil, fmt.Errorf("renew connection: %w", err)
 				}
 
@@ -171,11 +169,11 @@ func (p *AmqpConnectionPool) GetConnection(handle *ConnectionPoolHandle) (*AmqpC
 				slog.Warn("amqp connection pool: get connection: renew connection: ", slog.Any("err", err))
 			} else {
 				// case: connection could be renewed and will be added to pool
-				p.Connections[connectionIndex] = connection
+				p.connections[connectionIndex] = connection
 				conn = connection
 			}
 		}
-		p.Lock.Unlock()
+		p.lock.Unlock()
 	}
 
 	if conn == nil {
@@ -189,18 +187,18 @@ func (p *AmqpConnectionPool) nextConnectionForHandle(handle *ConnectionPoolHandl
 	// retry as long as there are remaining connections in the pool
 	var conn *AmqpConnection
 	var addConnection bool
-	for i := 0; i < p.Config.PoolSize; i++ {
+	for i := 0; i < p.config.PoolSize; i++ {
 
 		// get the next possible connection (considering the retry index)
 		idx := p.connectionIndex(handle, i)
-		p.Lock.RLock()
+		p.lock.RLock()
-		if idx < len(p.Connections) {
+		if idx < len(p.connections) {
-			conn = p.Connections[idx]
+			conn = p.connections[idx]
 		} else {
 			//  handle the edge case that the pool is empty on shutdown
 			conn = nil
 		}
-		p.Lock.RUnlock()
+		p.lock.RUnlock()
 
 		// remember that the requested is closed, retry with the next
 		if conn == nil {
@@ -210,9 +208,9 @@ func (p *AmqpConnectionPool) nextConnectionForHandle(handle *ConnectionPoolHandl
 
 		// if the connection is closed, mark it by setting it to nil
 		if conn.IsClosed() {
-			p.Lock.Lock()
+			p.lock.Lock()
-			p.Connections[idx] = nil
+			p.connections[idx] = nil
-			p.Lock.Unlock()
+			p.lock.Unlock()
 
 			addConnection = true
 			continue
@@ -224,8 +222,8 @@ func (p *AmqpConnectionPool) nextConnectionForHandle(handle *ConnectionPoolHandl
 }
 
 func (p *AmqpConnectionPool) connectionIndex(handle *ConnectionPoolHandle, iteration int) int {
-	if iteration+handle.ConnectionOffset >= p.Config.PoolSize {
+	if iteration+handle.connectionOffset >= p.config.PoolSize {
-		return (iteration + handle.ConnectionOffset) % p.Config.PoolSize
+		return (iteration + handle.connectionOffset) % p.config.PoolSize
 	}
-	return iteration + handle.ConnectionOffset
+	return iteration + handle.connectionOffset
 }

audit/messaging/amqp_connection_pool_test.go

@@ -3,20 +3,17 @@ package messaging
 import (
 	"errors"
 	"fmt"
-	"sync"
-	"testing"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-
+	"sync"
-	pkgMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
+	"testing"
 )
 
 type connectionProviderMock struct {
 	mock.Mock
 }
 
-func (p *connectionProviderMock) NewAmqpConnection(config pkgMessagingCommon.AmqpConnectionConfig, connectionName string) *AmqpConnection {
+func (p *connectionProviderMock) NewAmqpConnection(config AmqpConnectionConfig, connectionName string) *AmqpConnection {
 	args := p.Called(config, connectionName)
 	return args.Get(0).(*AmqpConnection)
 }
@@ -27,28 +24,28 @@ func Test_AmqpConnectionPool_GetHandle(t *testing.T) {
 
 	t.Run("next handle", func(t *testing.T) {
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
 		}
 
 		handle := pool.NewHandle()
 		assert.NotNil(t, handle)
-		assert.Equal(t, 0, handle.ConnectionOffset)
+		assert.Equal(t, 0, handle.connectionOffset)
-		assert.Equal(t, 1, pool.HandleOffset)
+		assert.Equal(t, 1, pool.handleOffset)
 	})
 
 	t.Run("next handle high offset", func(t *testing.T) {
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 13,
+			handleOffset: 13,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
 		}
 
 		handle := pool.NewHandle()
 		assert.NotNil(t, handle)
-		assert.Equal(t, 3, handle.ConnectionOffset)
+		assert.Equal(t, 3, handle.connectionOffset)
-		assert.Equal(t, 14, pool.HandleOffset)
+		assert.Equal(t, 14, pool.handleOffset)
 	})
 }
 
@@ -61,24 +58,24 @@ func Test_AmqpConnectionPool_internalAddConnection(t *testing.T) {
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(conn, nil)
 
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.internalAddConnection()
 		assert.NoError(t, err)
 
-		assert.Equal(t, 1, len(pool.Connections))
+		assert.Equal(t, 1, len(pool.connections))
 		connectionProvider.AssertNumberOfCalls(t, "NewAmqpConnection", 1)
 		dialer.AssertNumberOfCalls(t, "Dial", 1)
 	})
@@ -92,24 +89,24 @@ func Test_AmqpConnectionPool_internalAddConnection(t *testing.T) {
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(conn, nil)
 
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.internalAddConnection()
 		assert.NoError(t, err)
 
-		assert.Equal(t, 1, len(pool.Connections))
+		assert.Equal(t, 1, len(pool.connections))
 		connectionProvider.AssertNumberOfCalls(t, "NewAmqpConnection", 1)
 		dialer.AssertNumberOfCalls(t, "Dial", 2)
 	})
@@ -120,24 +117,24 @@ func Test_AmqpConnectionPool_internalAddConnection(t *testing.T) {
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(c, errors.New("test error"))
 
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.internalAddConnection()
 		assert.EqualError(t, err, "new connection: new internal connection: internal connect: dial: test error")
 
-		assert.Equal(t, 0, len(pool.Connections))
+		assert.Equal(t, 0, len(pool.connections))
 		connectionProvider.AssertNumberOfCalls(t, "NewAmqpConnection", 1)
 		dialer.AssertNumberOfCalls(t, "Dial", 2)
 	})
@@ -152,24 +149,24 @@ func Test_AmqpConnectionPool_initializeConnections(t *testing.T) {
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(conn, nil)
 
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.initializeConnections()
 		assert.NoError(t, err)
 
-		assert.Equal(t, 5, len(pool.Connections))
+		assert.Equal(t, 5, len(pool.connections))
 		connectionProvider.AssertNumberOfCalls(t, "NewAmqpConnection", 5)
 	})
 
@@ -180,9 +177,9 @@ func Test_AmqpConnectionPool_initializeConnections(t *testing.T) {
 		failingDialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(c, errors.New("test error"))
 
 		failingConnection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         failingDialer,
+			dialer:         failingDialer,
 		}
 
 		conn := &amqpConnMock{}
@@ -190,25 +187,25 @@ func Test_AmqpConnectionPool_initializeConnections(t *testing.T) {
 		successfulDialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(conn, nil)
 
 		successfulConnection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         successfulDialer,
+			dialer:         successfulDialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(successfulConnection).Times(4)
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(failingConnection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.initializeConnections()
 		assert.EqualError(t, err, "new connection: new internal connection: internal connect: dial: test error")
 
-		assert.Equal(t, 4, len(pool.Connections))
+		assert.Equal(t, 4, len(pool.connections))
 		connectionProvider.AssertNumberOfCalls(t, "NewAmqpConnection", 5)
 	})
 }
@@ -224,30 +221,30 @@ func Test_AmqpConnectionPool_Close(t *testing.T) {
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(conn, nil)
 
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.initializeConnections()
 		assert.NoError(t, err)
 
-		assert.Equal(t, 5, len(pool.Connections))
+		assert.Equal(t, 5, len(pool.connections))
 
 		// close the pool
 		err = pool.Close()
 		assert.NoError(t, err)
-		assert.Equal(t, 5, len(pool.Connections))
+		assert.Equal(t, 5, len(pool.connections))
-		for _, c := range pool.Connections {
+		for _, c := range pool.connections {
 			assert.Nil(t, c)
 		}
 	})
@@ -261,9 +258,9 @@ func Test_AmqpConnectionPool_Close(t *testing.T) {
 		failingDialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(failingConn, nil)
 
 		failingConnection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         failingDialer,
+			dialer:         failingDialer,
 		}
 
 		successfulConn := &amqpConnMock{}
@@ -272,9 +269,9 @@ func Test_AmqpConnectionPool_Close(t *testing.T) {
 		successfulDialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(successfulConn, nil)
 
 		successfulConnection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         successfulDialer,
+			dialer:         successfulDialer,
 		}
 
 		connectionProvider := &connectionProviderMock{}
@@ -283,22 +280,22 @@ func Test_AmqpConnectionPool_Close(t *testing.T) {
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(successfulConnection).Times(1)
 
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
 		err := pool.initializeConnections()
 		assert.NoError(t, err)
 
-		assert.Equal(t, 5, len(pool.Connections))
+		assert.Equal(t, 5, len(pool.connections))
 
 		// close the pool
 		err = pool.Close()
 		assert.EqualError(t, err, "pooled connection: internal close: connection close: test error\npooled connection: internal close: connection close: test error")
-		assert.Equal(t, 5, len(pool.Connections))
+		assert.Equal(t, 5, len(pool.connections))
-		for _, c := range pool.Connections {
+		for _, c := range pool.connections {
 			assert.Nil(t, c)
 		}
 	})
@@ -314,9 +311,9 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done", mock.Anything).Return(channelReceiver(channel))
 		return &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Conn:           conn,
+			conn:           conn,
 		}
 	}
 
@@ -327,9 +324,9 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done", mock.Anything).Return(channelReceiver(channel))
 		return &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Conn:           conn,
+			conn:           conn,
 		}
 	}
 
@@ -340,13 +337,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		}
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NotNil(t, connection)
 		assert.False(t, addConnection)
 	})
@@ -360,13 +357,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		connections = append(connections, newActiveConnection())
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NotNil(t, connection)
 		assert.True(t, addConnection)
 	})
@@ -380,13 +377,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		connections = append(connections, newActiveConnection())
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NotNil(t, connection)
 		assert.True(t, addConnection)
 	})
@@ -400,13 +397,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		connections = append(connections, nil)
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.Nil(t, connection)
 		assert.True(t, addConnection)
 	})
@@ -420,13 +417,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		connections = append(connections, nil)
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 23})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 23})
 		assert.NotNil(t, connection)
 		assert.False(t, addConnection)
 	})
@@ -440,13 +437,13 @@ func Test_AmqpConnectionPool_nextConnectionForHandle(t *testing.T) {
 		connections = append(connections, newActiveConnection())
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{ConnectionOffset: 23})
+		connection, addConnection := pool.nextConnectionForHandle(&ConnectionPoolHandle{connectionOffset: 23})
 		assert.NotNil(t, connection)
 		assert.True(t, addConnection)
 	})
@@ -462,9 +459,9 @@ func Test_AmqpConnectionPool_GetConnection(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done", mock.Anything).Return(channelReceiver(channel))
 		return &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Conn:           conn,
+			conn:           conn,
 		}
 	}
 
@@ -475,13 +472,13 @@ func Test_AmqpConnectionPool_GetConnection(t *testing.T) {
 		}
 
 		pool := AmqpConnectionPool{
-			Config:       pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:       AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset: 0,
+			handleOffset: 0,
-			Lock:         sync.RWMutex{},
+			lock:         sync.RWMutex{},
-			Connections:  connections,
+			connections:  connections,
 		}
 
-		connection, err := pool.GetConnection(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, err := pool.GetConnection(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NoError(t, err)
 		assert.NotNil(t, connection)
 		assert.Equal(t, connections[1], connection)
@@ -495,14 +492,14 @@ func Test_AmqpConnectionPool_GetConnection(t *testing.T) {
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(newActiveConnection())
 
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			Connections:        connections,
+			connections:        connections,
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
-		connection, err := pool.GetConnection(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, err := pool.GetConnection(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NoError(t, err)
 		assert.NotNil(t, connection)
 		assert.Equal(t, connections[1], connection)
@@ -523,21 +520,21 @@ func Test_AmqpConnectionPool_GetConnection(t *testing.T) {
 		var c *amqpConnMock = nil
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(c, fmt.Errorf("dial error"))
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			Connections:        connections,
+			connections:        connections,
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
-		connection, err := pool.GetConnection(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, err := pool.GetConnection(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.NoError(t, err)
 		assert.NotNil(t, connection)
 		assert.Nil(t, connections[1])
@@ -559,21 +556,21 @@ func Test_AmqpConnectionPool_GetConnection(t *testing.T) {
 		var c *amqpConnMock = nil
 		dialer.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(c, fmt.Errorf("dial error"))
 		connection := &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Dialer:         dialer,
+			dialer:         dialer,
 		}
 		connectionProvider.On("NewAmqpConnection", mock.Anything, mock.Anything).Return(connection)
 
 		pool := AmqpConnectionPool{
-			Config:             pkgMessagingCommon.AmqpConnectionPoolConfig{PoolSize: 5},
+			config:             AmqpConnectionPoolConfig{PoolSize: 5},
-			HandleOffset:       0,
+			handleOffset:       0,
-			Lock:               sync.RWMutex{},
+			lock:               sync.RWMutex{},
-			Connections:        connections,
+			connections:        connections,
-			ConnectionProvider: connectionProvider,
+			connectionProvider: connectionProvider,
 		}
 
-		connection, err := pool.GetConnection(&ConnectionPoolHandle{ConnectionOffset: 1})
+		connection, err := pool.GetConnection(&ConnectionPoolHandle{connectionOffset: 1})
 		assert.EqualError(t, err, "renew connection: new internal connection: internal connect: dial: dial error")
 		assert.Nil(t, connection)
 		assert.Equal(t, 5, len(connections))

audit/messaging/amqp_connection_test.go

@@ -3,14 +3,11 @@ package messaging
 import (
 	"context"
 	"errors"
-	"sync"
-	"testing"
-
 	"github.com/Azure/go-amqp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-
+	"sync"
-	pkgCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
+	"testing"
 )
 
 type amqpConnMock struct {
@@ -22,9 +19,9 @@ func (m *amqpConnMock) Done() <-chan struct{} {
 	return args.Get(0).(<-chan struct{})
 }
 
-func (m *amqpConnMock) NewSession(ctx context.Context, opts *amqp.SessionOptions) (AmqpSession, error) {
+func (m *amqpConnMock) NewSession(ctx context.Context, opts *amqp.SessionOptions) (amqpSession, error) {
 	args := m.Called(ctx, opts)
-	return args.Get(0).(AmqpSession), args.Error(1)
+	return args.Get(0).(amqpSession), args.Error(1)
 }
 
 func (m *amqpConnMock) Close() error {
@@ -32,15 +29,15 @@ func (m *amqpConnMock) Close() error {
 	return args.Error(0)
 }
 
-var _ AmqpConn = (*amqpConnMock)(nil)
+var _ amqpConn = (*amqpConnMock)(nil)
 
 type amqpDialMock struct {
 	mock.Mock
 }
 
-func (m *amqpDialMock) Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (AmqpConn, error) {
+func (m *amqpDialMock) Dial(ctx context.Context, addr string, opts *amqp.ConnOptions) (amqpConn, error) {
 	args := m.Called(ctx, addr, opts)
-	return args.Get(0).(AmqpConn), args.Error(1)
+	return args.Get(0).(amqpConn), args.Error(1)
 }
 
 var _ amqpDial = (*amqpDialMock)(nil)
@@ -49,9 +46,9 @@ type amqpSessionMock struct {
 	mock.Mock
 }
 
-func (m *amqpSessionMock) NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (AmqpSender, error) {
+func (m *amqpSessionMock) NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (amqpSender, error) {
 	args := m.Called(ctx, target, opts)
-	return args.Get(0).(AmqpSender), args.Error(1)
+	return args.Get(0).(amqpSender), args.Error(1)
 }
 
 func (m *amqpSessionMock) Close(ctx context.Context) error {
@@ -59,12 +56,12 @@ func (m *amqpSessionMock) Close(ctx context.Context) error {
 	return args.Error(0)
 }
 
-var _ AmqpSession = (*amqpSessionMock)(nil)
+var _ amqpSession = (*amqpSessionMock)(nil)
 
 func Test_AmqpConnection_IsClosed(t *testing.T) {
 	connection := &AmqpConnection{
-		ConnectionName: "test",
+		connectionName: "test",
-		Lock:           sync.RWMutex{},
+		lock:           sync.RWMutex{},
 	}
 
 	channelReceiver := func(channel chan struct{}) <-chan struct{} {
@@ -80,7 +77,7 @@ func Test_AmqpConnection_IsClosed(t *testing.T) {
 		close(channel)
 		amqpConnMock := &amqpConnMock{}
 		amqpConnMock.On("Done").Return(channelReceiver(channel))
-		connection.Conn = amqpConnMock
+		connection.conn = amqpConnMock
 
 		assert.True(t, connection.IsClosed())
 	})
@@ -89,7 +86,7 @@ func Test_AmqpConnection_IsClosed(t *testing.T) {
 		channel := make(chan struct{})
 		amqpConnMock := &amqpConnMock{}
 		amqpConnMock.On("Done").Return(channelReceiver(channel))
-		connection.Conn = amqpConnMock
+		connection.conn = amqpConnMock
 
 		assert.False(t, connection.IsClosed())
 	})
@@ -97,8 +94,8 @@ func Test_AmqpConnection_IsClosed(t *testing.T) {
 
 func Test_AmqpConnection_Close(t *testing.T) {
 	connection := &AmqpConnection{
-		ConnectionName: "test",
+		connectionName: "test",
-		Lock:           sync.RWMutex{},
+		lock:           sync.RWMutex{},
 	}
 
 	t.Run("already closed", func(t *testing.T) {
@@ -110,66 +107,66 @@ func Test_AmqpConnection_Close(t *testing.T) {
 
 		amqpConnMock := &amqpConnMock{}
 		amqpConnMock.On("Close").Return(err)
-		connection.Conn = amqpConnMock
+		connection.conn = amqpConnMock
 
 		assert.EqualError(t, connection.Close(), "internal close: connection close: test error")
-		assert.NotNil(t, connection.Conn)
+		assert.NotNil(t, connection.conn)
 		amqpConnMock.AssertNumberOfCalls(t, "Close", 1)
 	})
 
 	t.Run("close without error", func(t *testing.T) {
 		amqpConnMock := &amqpConnMock{}
 		amqpConnMock.On("Close").Return(nil)
-		connection.Conn = amqpConnMock
+		connection.conn = amqpConnMock
 
 		assert.Nil(t, connection.Close())
-		assert.Nil(t, connection.Conn)
+		assert.Nil(t, connection.conn)
 		amqpConnMock.AssertNumberOfCalls(t, "Close", 1)
 	})
 }
 
 func Test_AmqpConnection_Connect(t *testing.T) {
 	connection := &AmqpConnection{
-		ConnectionName: "test",
+		connectionName: "test",
-		Lock:           sync.RWMutex{},
+		lock:           sync.RWMutex{},
 	}
 
 	t.Run("already connected", func(t *testing.T) {
-		connection.Conn = &amqpConnMock{}
+		connection.conn = &amqpConnMock{}
 		assert.NoError(t, connection.Connect())
 	})
 
 	t.Run("dial error", func(t *testing.T) {
-		connection.Conn = nil
+		connection.conn = nil
-		connection.Username = "user"
+		connection.username = "user"
-		connection.Password = "pass"
+		connection.password = "pass"
 
 		amqpDialMock := &amqpDialMock{}
 		var c *amqpConnMock = nil
 		amqpDialMock.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(c, errors.New("test error"))
-		connection.Dialer = amqpDialMock
+		connection.dialer = amqpDialMock
 
 		assert.EqualError(t, connection.Connect(), "internal connect: dial: test error")
-		assert.Nil(t, connection.Conn)
+		assert.Nil(t, connection.conn)
 	})
 
 	t.Run("connect without error", func(t *testing.T) {
-		connection.Conn = nil
+		connection.conn = nil
 
 		amqpDialMock := &amqpDialMock{}
 		amqpConn := &amqpConnMock{}
 		amqpDialMock.On("Dial", mock.Anything, mock.Anything, mock.Anything).Return(amqpConn, nil)
-		connection.Dialer = amqpDialMock
+		connection.dialer = amqpDialMock
 
 		assert.NoError(t, connection.Connect())
-		assert.Equal(t, amqpConn, connection.Conn)
+		assert.Equal(t, amqpConn, connection.conn)
 	})
 }
 
 func Test_AmqpConnection_NewSender(t *testing.T) {
 	connection := &AmqpConnection{
-		ConnectionName: "test",
+		connectionName: "test",
-		Lock:           sync.RWMutex{},
+		lock:           sync.RWMutex{},
 	}
 
 	channelReceiver := func(channel chan struct{}) <-chan struct{} {
@@ -188,7 +185,7 @@ func Test_AmqpConnection_NewSender(t *testing.T) {
 
 		conn := &amqpConnMock{}
 		conn.On("Done").Return(channelReceiver(channel))
-		connection.Conn = conn
+		connection.conn = conn
 
 		sender, err := connection.NewSender(context.Background(), "topic")
 		assert.EqualError(t, err, "amqp connection is closed")
@@ -202,7 +199,7 @@ func Test_AmqpConnection_NewSender(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(session, errors.New("test error"))
 		conn.On("Done").Return(channelReceiver(channel))
-		connection.Conn = conn
+		connection.conn = conn
 
 		sender, err := connection.NewSender(context.Background(), "topic")
 		assert.EqualError(t, err, "new session: test error")
@@ -220,7 +217,7 @@ func Test_AmqpConnection_NewSender(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done").Return(channelReceiver(channel))
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(sessionMock, nil)
-		connection.Conn = conn
+		connection.conn = conn
 
 		sender, err := connection.NewSender(context.Background(), "topic")
 		assert.EqualError(t, err, "new internal sender: test error")
@@ -238,7 +235,7 @@ func Test_AmqpConnection_NewSender(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done").Return(channelReceiver(channel))
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(sessionMock, nil)
-		connection.Conn = conn
+		connection.conn = conn
 
 		sender, err := connection.NewSender(context.Background(), "topic")
 		assert.EqualError(t, err, "new internal sender: test error\nclose session: close error")
@@ -255,29 +252,29 @@ func Test_AmqpConnection_NewSender(t *testing.T) {
 		conn := &amqpConnMock{}
 		conn.On("Done").Return(channelReceiver(channel))
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(sessionMock, nil)
-		connection.Conn = conn
+		connection.conn = conn
 
 		sender, err := connection.NewSender(context.Background(), "topic")
 		assert.NoError(t, err)
 		assert.NotNil(t, sender)
-		assert.Equal(t, amqpSender, sender.Sender)
+		assert.Equal(t, amqpSender, sender.sender)
-		assert.Equal(t, sessionMock, sender.Session)
+		assert.Equal(t, sessionMock, sender.session)
 	})
 }
 
 func Test_AmqpConnection_NewAmqpConnection(t *testing.T) {
-	config := pkgCommon.AmqpConnectionConfig{
+	config := AmqpConnectionConfig{
 		BrokerUrl: "brokerUrl",
 		Username:  "username",
 		Password:  "password",
 	}
 	connection := NewAmqpConnection(config, "connectionName")
 	assert.NotNil(t, connection)
-	assert.Equal(t, connection.ConnectionName, "connectionName")
+	assert.Equal(t, connection.connectionName, "connectionName")
-	assert.Equal(t, connection.BrokerUrl, "brokerUrl")
+	assert.Equal(t, connection.brokerUrl, "brokerUrl")
-	assert.Equal(t, connection.Username, "username")
+	assert.Equal(t, connection.username, "username")
-	assert.Equal(t, connection.Password, "password")
+	assert.Equal(t, connection.password, "password")
-	assert.NotNil(t, connection.Dialer)
+	assert.NotNil(t, connection.dialer)
 }
 
 func Test_As(t *testing.T) {

audit/messaging/amqp_sender_session.go

@@ -4,22 +4,19 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/Azure/go-amqp"
 	"strings"
 	"time"
-
-	"github.com/Azure/go-amqp"
 )
 
-const amqpTopicPrefix = "topic://"
+type amqpSender interface {
-
-type AmqpSender interface {
 	Send(ctx context.Context, msg *amqp.Message, opts *amqp.SendOptions) error
 	Close(ctx context.Context) error
 }
 
 type AmqpSenderSession struct {
-	Session AmqpSession
+	session amqpSession
-	Sender  AmqpSender
+	sender  amqpSender
 }
 
 func (s *AmqpSenderSession) Send(
@@ -29,11 +26,11 @@ func (s *AmqpSenderSession) Send(
 	applicationProperties map[string]any,
 ) error {
 	// check topic name
-	if !strings.HasPrefix(topic, amqpTopicPrefix) {
+	if !strings.HasPrefix(topic, AmqpTopicPrefix) {
 		return fmt.Errorf(
 			"topic %q name lacks mandatory prefix %q",
 			topic,
-			amqpTopicPrefix,
+			AmqpTopicPrefix,
 		)
 	}
 
@@ -57,7 +54,7 @@ func (s *AmqpSenderSession) Send(
 	// send
 	ctx, cancelFn := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancelFn()
-	return s.Sender.Send(ctx, &message, nil)
+	return s.sender.Send(ctx, &message, nil)
 }
 
 func (s *AmqpSenderSession) Close() error {
@@ -65,11 +62,11 @@ func (s *AmqpSenderSession) Close() error {
 	defer cancelFn()
 
 	var closeErrors []error
-	senderErr := s.Sender.Close(ctx)
+	senderErr := s.sender.Close(ctx)
 	if senderErr != nil {
 		closeErrors = append(closeErrors, senderErr)
 	}
-	sessionErr := s.Session.Close(ctx)
+	sessionErr := s.session.Close(ctx)
 	if sessionErr != nil {
 		closeErrors = append(closeErrors, sessionErr)
 	}

audit/messaging/amqp_sender_session_test.go

@@ -3,11 +3,10 @@ package messaging
 import (
 	"context"
 	"errors"
-	"testing"
-
 	"github.com/Azure/go-amqp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
+	"testing"
 )
 
 type amqpSenderMock struct {
@@ -22,7 +21,7 @@ func (m *amqpSenderMock) Close(ctx context.Context) error {
 	return m.Called(ctx).Error(0)
 }
 
-var _ AmqpSender = (*amqpSenderMock)(nil)
+var _ amqpSender = (*amqpSenderMock)(nil)
 
 func Test_AmqpSenderSession_Close(t *testing.T) {
 
@@ -33,8 +32,8 @@ func Test_AmqpSenderSession_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(nil)
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		err := senderSession.Close()
@@ -51,8 +50,8 @@ func Test_AmqpSenderSession_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(nil)
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		err := senderSession.Close()
@@ -69,8 +68,8 @@ func Test_AmqpSenderSession_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(errors.New("session error"))
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		err := senderSession.Close()
@@ -87,8 +86,8 @@ func Test_AmqpSenderSession_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(errors.New("session error"))
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		err := senderSession.Close()
@@ -106,8 +105,8 @@ func Test_AmqpSenderSession_Send(t *testing.T) {
 		session := &amqpSessionMock{}
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		data := [][]byte{[]byte("data")}
@@ -120,8 +119,8 @@ func Test_AmqpSenderSession_Send(t *testing.T) {
 		session := &amqpSessionMock{}
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		data := [][]byte{[]byte("data")}
@@ -135,8 +134,8 @@ func Test_AmqpSenderSession_Send(t *testing.T) {
 		session := &amqpSessionMock{}
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		data := [][]byte{[]byte("data")}
@@ -172,8 +171,8 @@ func Test_AmqpSenderSession_Send(t *testing.T) {
 		session := &amqpSessionMock{}
 
 		senderSession := &AmqpSenderSession{
-			Sender:  sender,
+			sender:  sender,
-			Session: session,
+			session: session,
 		}
 
 		data := [][]byte{[]byte("data")}

audit/messaging/messaging.go

@@ -1,30 +1,50 @@
-package api
+package messaging
 
 import (
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/log"
 	"errors"
 	"fmt"
 	"sync"
 	"time"
-
-	internalMessaging "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/messaging"
-	pkgLog "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/log"
-	pkgMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
 )
 
+// Api is an abstraction for a messaging system that can be used to send
+// audit logs to the audit log system.
+type Api interface {
+
+	// Send method will send the given data to the specified topic synchronously.
+	//  Parameters:
+	//  * ctx - the context object
+	//  * topic - the messaging topic where to send the data to
+	//  * data - the serialized data as byte array
+	//  * contentType - the contentType of the serialized data
+	//  * applicationProperties - properties to send with the message (i.e. cloud event headers)
+	//
+	// It returns technical errors for connection issues or sending problems.
+	Send(ctx context.Context, topic string, data []byte, contentType string, applicationProperties map[string]any) error
+
+	// Close the underlying connection to the messaging system.
+	//  Parameters:
+	//  * ctx - the context object
+	//
+	// It returns an error if the connection cannot be closed successfully
+	Close(ctx context.Context) error
+}
+
 // AmqpApi implements Api.
 type AmqpApi struct {
-	connection           *internalMessaging.AmqpConnection
+	connection           *AmqpConnection
-	connectionPool       internalMessaging.ConnectionPool
+	connectionPool       ConnectionPool
-	connectionPoolHandle *internalMessaging.ConnectionPoolHandle
+	connectionPoolHandle *ConnectionPoolHandle
-	senderCache          map[string]*internalMessaging.AmqpSenderSession
+	senderCache          map[string]*AmqpSenderSession
 	lock                 sync.RWMutex
 }
 
 var _ Api = &AmqpApi{}
 
-func NewDefaultAmqpApi(amqpConfig pkgMessagingCommon.AmqpConnectionConfig) (Api, error) {
+func NewDefaultAmqpApi(amqpConfig AmqpConnectionConfig) (Api, error) {
-	connectionPool, err := internalMessaging.NewDefaultAmqpConnectionPool(amqpConfig, "sdk")
+	connectionPool, err := NewDefaultAmqpConnectionPool(amqpConfig, "sdk")
 	if err != nil {
 		return nil, fmt.Errorf("new amqp connection pool: %w", err)
 	}
@@ -32,15 +52,15 @@ func NewDefaultAmqpApi(amqpConfig pkgMessagingCommon.AmqpConnectionConfig) (Api,
 	amqpApi := &AmqpApi{
 		connectionPool:       connectionPool,
 		connectionPoolHandle: connectionPool.NewHandle(),
-		senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+		senderCache:          make(map[string]*AmqpSenderSession),
 	}
 
 	var messagingApi Api = amqpApi
 	return messagingApi, nil
 }
 
-func NewAmqpApi(amqpConfig pkgMessagingCommon.AmqpConnectionPoolConfig) (Api, error) {
+func NewAmqpApi(amqpConfig AmqpConnectionPoolConfig) (Api, error) {
-	connectionPool, err := internalMessaging.NewAmqpConnectionPool(amqpConfig, "sdk")
+	connectionPool, err := NewAmqpConnectionPool(amqpConfig, "sdk")
 	if err != nil {
 		return nil, fmt.Errorf("new amqp connection pool: %w", err)
 	}
@@ -48,7 +68,7 @@ func NewAmqpApi(amqpConfig pkgMessagingCommon.AmqpConnectionPoolConfig) (Api, er
 	amqpApi := &AmqpApi{
 		connectionPool:       connectionPool,
 		connectionPoolHandle: connectionPool.NewHandle(),
-		senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+		senderCache:          make(map[string]*AmqpSenderSession),
 	}
 
 	var messagingApi Api = amqpApi
@@ -90,7 +110,7 @@ func (a *AmqpApi) Send(_ context.Context, topic string, data []byte, contentType
 	return nil
 }
 
-func (a *AmqpApi) senderFromCache(topic string) *internalMessaging.AmqpSenderSession {
+func (a *AmqpApi) senderFromCache(topic string) *AmqpSenderSession {
 	a.lock.RLock()
 	defer a.lock.RUnlock()
 	return a.senderCache[topic]
@@ -122,7 +142,7 @@ func (a *AmqpApi) newSender(topic string) error {
 
 // Close implements Api.Close
 func (a *AmqpApi) Close(_ context.Context) error {
-	pkgLog.AuditLogger.Info("close audit amqp connection pool")
+	log.AuditLogger.Info("close audit amqp connection pool")
 
 	a.lock.Lock()
 	defer a.lock.Unlock()

audit/messaging/messaging_test.go

@@ -1,73 +1,16 @@
-package api
+package messaging
 
 import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 	"sync"
 	"testing"
 	"time"
-
-	"github.com/Azure/go-amqp"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-
-	internalMessaging "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/internal/messaging"
-	pkgMessagingCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/common"
-	pkgMessagingTest "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/test"
 )
 
-type amqpConnMock struct {
-	mock.Mock
-}
-
-func (m *amqpConnMock) Done() <-chan struct{} {
-	args := m.Called()
-	return args.Get(0).(<-chan struct{})
-}
-
-func (m *amqpConnMock) NewSession(ctx context.Context, opts *amqp.SessionOptions) (internalMessaging.AmqpSession, error) {
-	args := m.Called(ctx, opts)
-	return args.Get(0).(internalMessaging.AmqpSession), args.Error(1)
-}
-
-func (m *amqpConnMock) Close() error {
-	args := m.Called()
-	return args.Error(0)
-}
-
-var _ internalMessaging.AmqpConn = (*amqpConnMock)(nil)
-
-type amqpSenderMock struct {
-	mock.Mock
-}
-
-func (m *amqpSenderMock) Send(ctx context.Context, msg *amqp.Message, opts *amqp.SendOptions) error {
-	return m.Called(ctx, msg, opts).Error(0)
-}
-
-func (m *amqpSenderMock) Close(ctx context.Context) error {
-	return m.Called(ctx).Error(0)
-}
-
-var _ internalMessaging.AmqpSender = (*amqpSenderMock)(nil)
-
-type amqpSessionMock struct {
-	mock.Mock
-}
-
-func (m *amqpSessionMock) NewSender(ctx context.Context, target string, opts *amqp.SenderOptions) (internalMessaging.AmqpSender, error) {
-	args := m.Called(ctx, target, opts)
-	return args.Get(0).(internalMessaging.AmqpSender), args.Error(1)
-}
-
-func (m *amqpSessionMock) Close(ctx context.Context) error {
-	args := m.Called(ctx)
-	return args.Error(0)
-}
-
-var _ internalMessaging.AmqpSession = (*amqpSessionMock)(nil)
-
 type connectionPoolMock struct {
 	mock.Mock
 }
@@ -76,20 +19,20 @@ func (m *connectionPoolMock) Close() error {
 	return m.Called().Error(0)
 }
 
-func (m *connectionPoolMock) NewHandle() *internalMessaging.ConnectionPoolHandle {
+func (m *connectionPoolMock) NewHandle() *ConnectionPoolHandle {
-	return m.Called().Get(0).(*internalMessaging.ConnectionPoolHandle)
+	return m.Called().Get(0).(*ConnectionPoolHandle)
 }
 
-func (m *connectionPoolMock) GetConnection(handle *internalMessaging.ConnectionPoolHandle) (*internalMessaging.AmqpConnection, error) {
+func (m *connectionPoolMock) GetConnection(handle *ConnectionPoolHandle) (*AmqpConnection, error) {
-	return m.Called(handle).Get(0).(*internalMessaging.AmqpConnection), m.Called(handle).Error(1)
+	return m.Called(handle).Get(0).(*AmqpConnection), m.Called(handle).Error(1)
 }
 
-var _ internalMessaging.ConnectionPool = (*connectionPoolMock)(nil)
+var _ ConnectionPool = (*connectionPoolMock)(nil)
 
 func Test_NewAmqpMessagingApi(t *testing.T) {
 	_, err := NewAmqpApi(
-		pkgMessagingCommon.AmqpConnectionPoolConfig{
+		AmqpConnectionPoolConfig{
-			Parameters: pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: "not-handled-protocol://localhost:5672"},
+			Parameters: AmqpConnectionConfig{BrokerUrl: "not-handled-protocol://localhost:5672"},
 			PoolSize:   1,
 		})
 	assert.EqualError(t, err, "new amqp connection pool: initialize connections: new connection: new internal connection: internal connect: dial: unsupported scheme \"not-handled-protocol\"")
@@ -101,15 +44,15 @@ func Test_AmqpMessagingApi_Send(t *testing.T) {
 	defer cancelFn()
 
 	// Start solace docker container
-	solaceContainer, err := pkgMessagingTest.NewSolaceContainer(context.Background())
+	solaceContainer, err := NewSolaceContainer(context.Background())
 	assert.NoError(t, err)
 	defer solaceContainer.Stop()
 
 	t.Run("Missing topic prefix", func(t *testing.T) {
 		defer solaceContainer.StopOnError()
 
-		api, err := NewAmqpApi(pkgMessagingCommon.AmqpConnectionPoolConfig{
+		api, err := NewAmqpApi(AmqpConnectionPoolConfig{
-			Parameters: pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
+			Parameters: AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString},
 			PoolSize:   1,
 		})
 		assert.NoError(t, err)
@@ -129,7 +72,7 @@ func Test_AmqpMessagingApi_Send(t *testing.T) {
 		topicName := fmt.Sprintf("topic://auditlog/%s", "amqp-send-successfully")
 		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
 
-		api, err := NewDefaultAmqpApi(pkgMessagingCommon.AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString})
+		api, err := NewDefaultAmqpApi(AmqpConnectionConfig{BrokerUrl: solaceContainer.AmqpConnectionString})
 		assert.NoError(t, err)
 
 		data := []byte("data")
@@ -157,27 +100,27 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		return channel
 	}
 
-	newActiveConnection := func() *internalMessaging.AmqpConnection {
+	newActiveConnection := func() *AmqpConnection {
 		channel := make(chan struct{})
 		conn := &amqpConnMock{}
 		conn.On("Done", mock.Anything).Return(channelReceiver(channel))
-		return &internalMessaging.AmqpConnection{
+		return &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Conn:           conn,
+			conn:           conn,
 		}
 	}
 
-	newClosedConnection := func() *internalMessaging.AmqpConnection {
+	newClosedConnection := func() *AmqpConnection {
 		channel := make(chan struct{})
 		close(channel)
 
 		conn := &amqpConnMock{}
 		conn.On("Done", mock.Anything).Return(channelReceiver(channel))
-		return &internalMessaging.AmqpConnection{
+		return &AmqpConnection{
-			ConnectionName: "test",
+			connectionName: "test",
-			Lock:           sync.RWMutex{},
+			lock:           sync.RWMutex{},
-			Conn:           conn,
+			conn:           conn,
 		}
 	}
 
@@ -189,7 +132,7 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		session.On("NewSender", mock.Anything, mock.Anything, mock.Anything).Return(sender, nil)
 
 		connection := newActiveConnection()
-		conn := connection.Conn.(*amqpConnMock)
+		conn := connection.conn.(*amqpConnMock)
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(session, nil)
 
 		pool := &connectionPoolMock{}
@@ -197,8 +140,8 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache:          make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Send(context.Background(), "topic://some-topic", []byte("data"), "application/json", make(map[string]any))
@@ -217,19 +160,19 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		session.On("NewSender", mock.Anything, mock.Anything, mock.Anything).Return(sender, nil)
 
 		connection := newActiveConnection()
-		conn := connection.Conn.(*amqpConnMock)
+		conn := connection.conn.(*amqpConnMock)
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(session, nil)
 
 		pool := &connectionPoolMock{}
 		pool.On("GetConnection", mock.Anything).Return(connection, nil)
 
 		closedConnection := newClosedConnection()
-		closedConnMock := closedConnection.Conn.(*amqpConnMock)
+		closedConnMock := closedConnection.conn.(*amqpConnMock)
 		amqpApi := &AmqpApi{
 			connection:           closedConnection,
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache:          make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Send(context.Background(), "topic://some-topic", []byte("data"), "application/json", make(map[string]any))
@@ -242,15 +185,15 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 	})
 
 	t.Run("connection nil get connection fail", func(t *testing.T) {
-		var connection *internalMessaging.AmqpConnection = nil
+		var connection *AmqpConnection = nil
 
 		pool := &connectionPoolMock{}
 		pool.On("GetConnection", mock.Anything).Return(connection, errors.New("connection error"))
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache:          make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Send(context.Background(), "topic://some-topic", []byte("data"), "application/json", make(map[string]any))
@@ -267,12 +210,12 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		session.On("NewSender", mock.Anything, mock.Anything, mock.Anything).Return(sender, nil)
 
 		connection := newActiveConnection()
-		conn := connection.Conn.(*amqpConnMock)
+		conn := connection.conn.(*amqpConnMock)
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(session, nil)
 
 		amqpApi := &AmqpApi{
 			connection:  connection,
-			senderCache: make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache: make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Send(context.Background(), "topic://some-topic", []byte("data"), "application/json", make(map[string]any))
@@ -290,12 +233,12 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		session.On("Close", mock.Anything).Return(nil)
 
 		connection := newActiveConnection()
-		conn := connection.Conn.(*amqpConnMock)
+		conn := connection.conn.(*amqpConnMock)
 		conn.On("NewSession", mock.Anything, mock.Anything).Return(session, nil)
 
 		amqpApi := &AmqpApi{
 			connection:  connection,
-			senderCache: make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache: make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Send(context.Background(), "topic://some-topic", []byte("data"), "application/json", make(map[string]any))
@@ -312,7 +255,7 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 		topic := "topic://some-topic"
 		amqpApi := &AmqpApi{
 			connection:  newActiveConnection(),
-			senderCache: map[string]*internalMessaging.AmqpSenderSession{topic: {Sender: sender}},
+			senderCache: map[string]*AmqpSenderSession{topic: {sender: sender}},
 		}
 
 		err := amqpApi.Send(context.Background(), topic, []byte("data"), "application/json", make(map[string]any))
@@ -330,10 +273,10 @@ func Test_AmqpMessagingApi_Send_Special_Cases(t *testing.T) {
 
 		topic := "topic://some-topic"
 		connection := newActiveConnection()
-		connection.Conn.(*amqpConnMock).On("NewSession", mock.Anything, mock.Anything, mock.Anything).Return(session, nil)
+		connection.conn.(*amqpConnMock).On("NewSession", mock.Anything, mock.Anything, mock.Anything).Return(session, nil)
 		amqpApi := &AmqpApi{
 			connection:  connection,
-			senderCache: map[string]*internalMessaging.AmqpSenderSession{topic: {Sender: sender}},
+			senderCache: map[string]*AmqpSenderSession{topic: {sender: sender}},
 		}
 
 		err := amqpApi.Send(context.Background(), topic, []byte("data"), "application/json", make(map[string]any))
@@ -351,8 +294,8 @@ func Test_AmqpMessagingApi_Close(t *testing.T) {
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache:          make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Close(context.Background())
@@ -367,8 +310,8 @@ func Test_AmqpMessagingApi_Close(t *testing.T) {
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          make(map[string]*internalMessaging.AmqpSenderSession),
+			senderCache:          make(map[string]*AmqpSenderSession),
 		}
 
 		err := amqpApi.Close(context.Background())
@@ -385,15 +328,15 @@ func Test_AmqpMessagingApi_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(nil)
 		sender := &amqpSenderMock{}
 		sender.On("Close", mock.Anything).Return(nil)
-		senderSession := &internalMessaging.AmqpSenderSession{
+		senderSession := &AmqpSenderSession{
-			Session: session,
+			session: session,
-			Sender:  sender,
+			sender:  sender,
 		}
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          map[string]*internalMessaging.AmqpSenderSession{"key": senderSession},
+			senderCache:          map[string]*AmqpSenderSession{"key": senderSession},
 		}
 
 		err := amqpApi.Close(context.Background())
@@ -413,15 +356,15 @@ func Test_AmqpMessagingApi_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(nil)
 		sender := &amqpSenderMock{}
 		sender.On("Close", mock.Anything).Return(errors.New("close sender error"))
-		senderSession := &internalMessaging.AmqpSenderSession{
+		senderSession := &AmqpSenderSession{
-			Session: session,
+			session: session,
-			Sender:  sender,
+			sender:  sender,
 		}
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          map[string]*internalMessaging.AmqpSenderSession{"key": senderSession},
+			senderCache:          map[string]*AmqpSenderSession{"key": senderSession},
 		}
 
 		err := amqpApi.Close(context.Background())
@@ -441,15 +384,15 @@ func Test_AmqpMessagingApi_Close(t *testing.T) {
 		session.On("Close", mock.Anything).Return(errors.New("close session error"))
 		sender := &amqpSenderMock{}
 		sender.On("Close", mock.Anything).Return(errors.New("close sender error"))
-		senderSession := &internalMessaging.AmqpSenderSession{
+		senderSession := &AmqpSenderSession{
-			Session: session,
+			session: session,
-			Sender:  sender,
+			sender:  sender,
 		}
 
 		amqpApi := &AmqpApi{
 			connectionPool:       pool,
-			connectionPoolHandle: &internalMessaging.ConnectionPoolHandle{ConnectionOffset: 0},
+			connectionPoolHandle: &ConnectionPoolHandle{connectionOffset: 0},
-			senderCache:          map[string]*internalMessaging.AmqpSenderSession{"key": senderSession},
+			senderCache:          map[string]*AmqpSenderSession{"key": senderSession},
 		}
 
 		err := amqpApi.Close(context.Background())

audit/messaging/solace.go

@@ -1,28 +1,25 @@
-package test
+package messaging
 
 import (
 	"bytes"
 	"context"
+	"dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/log"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/Azure/go-amqp"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/wait"
 	"io"
 	"net/http"
 	"regexp"
 	"strings"
 	"time"
-
-	"github.com/Azure/go-amqp"
-	docker "github.com/docker/docker/api/types/container"
-	"github.com/testcontainers/testcontainers-go"
-	"github.com/testcontainers/testcontainers-go/wait"
-
-	pkgLog "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/log"
 )
 
-const AmqpQueuePrefix = "queue://"
+const (
-const AmqpTopicPrefix = "topic://"
+	AmqpQueuePrefix = "queue://"
-const dockerImage = "schwarzit-docker.jfrog.io/solace/solace-pubsub-standard:10.8.1.241"
+)
 
 var ErrResourceNotFound = errors.New("resource not found")
 
@@ -135,13 +132,12 @@ func NewSolaceContainer(ctx context.Context) (*SolaceContainer, error) {
 
 	// Start docker container
 	request := testcontainers.ContainerRequest{
-		Image:        dockerImage,
+		Image:        "solace/solace-pubsub-standard:10.8",
 		ExposedPorts: []string{"5672/tcp", "8080/tcp"},
-		HostConfigModifier: func(config *docker.HostConfig) {
+		SkipReaper:   true,
-			config.AutoRemove = true
+		AutoRemove:   true,
-			config.ShmSize = 1024 * 1024 * 1024 // 1 GB,
+		ShmSize:      1024 * 1024 * 1024, // 1 GB,
-		},
+		Env:          env,
-		Env: env,
 		WaitingFor: wait.ForLog("Running pre-startup checks:").
 			WithStartupTimeout(90 * time.Second),
 	}
@@ -171,7 +167,7 @@ func NewSolaceContainer(ctx context.Context) (*SolaceContainer, error) {
 		_ = container.Terminate(ctx)
 		return nil, err
 	}
-	pkgLog.AuditLogger.Info("UI Port: " + sempPort.Port())
+	log.AuditLogger.Info("UI Port: " + sempPort.Port())
 
 	// Construct connection strings
 	amqpConnectionString := fmt.Sprintf("amqp://%s:%s/", host, amqpPort.Port())
@@ -299,8 +295,8 @@ func (c SolaceContainer) NewAmqpConnection(ctx context.Context) (*amqp.Conn, err
 func (c SolaceContainer) ValidateTopicName(topicSubscriptionTopicPattern string, topicName string) error {
 	// Cut off the topic:// prefix
 	var name string
-	if strings.HasPrefix(topicName, AmqpTopicPrefix) {
+	if strings.HasPrefix(topicName, "topic://") {
-		name = topicName[len(AmqpTopicPrefix):]
+		name = topicName[len("topic://"):]
 	} else {
 		name = topicName
 	}

audit/utils/sequence_generator_test.go

@@ -1,9 +1,8 @@
 package utils
 
 import (
-	"testing"
-
 	"github.com/stretchr/testify/assert"
+	"testing"
 )
 
 func Test_DefaultSequenceNumberGenerator(t *testing.T) {

gen/go/audit/v1/audit_event.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.36.11
+// 	protoc-gen-go v1.36.5
 // 	protoc        (unknown)
 // source: audit/v1/audit_event.proto
 
@@ -521,8 +521,8 @@ type AuthenticationInfo struct {
 	// The email address of the authenticated user.
 	// Service accounts have email addresses that can be used.
 	//
-	// Required: false
+	// Required: true
-	PrincipalEmail *string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3,oneof" json:"principal_email,omitempty"`
+	PrincipalEmail string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"`
 	// The name of the service account used to create or exchange
 	// credentials for authenticating the service account making the request.
 	//
@@ -584,8 +584,8 @@ func (x *AuthenticationInfo) GetPrincipalId() string {
 }
 
 func (x *AuthenticationInfo) GetPrincipalEmail() string {
-	if x != nil && x.PrincipalEmail != nil {
+	if x != nil {
-		return *x.PrincipalEmail
+		return x.PrincipalEmail
 	}
 	return ""
 }
@@ -1465,143 +1465,326 @@ func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetServiceMetadata() *struct
 
 var File_audit_v1_audit_event_proto protoreflect.FileDescriptor
 
-const file_audit_v1_audit_event_proto_rawDesc = "" +
+var file_audit_v1_audit_event_proto_rawDesc = string([]byte{
-	"\n" +
+	0x0a, 0x1a, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x75, 0x64, 0x69, 0x74,
-	"\x1aaudit/v1/audit_event.proto\x12\baudit.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\xe2\x04\n" +
+	0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x61, 0x75,
-	"\rAuditLogEntry\x12x\n" +
+	0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69,
-	"\blog_name\x18\x01 \x01(\tB]\xbaHZ\xc8\x01\x01rU2S^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$R\alogName\x12?\n" +
+	0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72,
-	"\rproto_payload\x18\x02 \x01(\v2\x12.audit.v1.AuditLogB\x06\xbaH\x03\xc8\x01\x01R\fprotoPayload\x12L\n" +
+	0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	"\tinsert_id\x18\x03 \x01(\tB/\xbaH,\xc8\x01\x01r'2%^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$R\binsertId\x12;\n" +
+	0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	"\x06labels\x18\x04 \x03(\v2#.audit.v1.AuditLogEntry.LabelsEntryR\x06labels\x126\n" +
+	0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	"\x0ecorrelation_id\x18\x05 \x01(\tB\n" +
+	0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f,
-	"\xbaH\ar\x05\x10\x01\x18\xff\x01H\x00R\rcorrelationId\x88\x01\x01\x12E\n" +
+	0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	"\ttimestamp\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\ttimestamp\x12>\n" +
+	0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f,
-	"\bseverity\x18\a \x01(\x0e2\x15.audit.v1.LogSeverityB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\bseverity\x1a9\n" +
+	0x74, 0x6f, 0x22, 0xe2, 0x04, 0x0a, 0x0d, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x45,
-	"\vLabelsEntry\x12\x10\n" +
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x78, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
-	"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x5d, 0xba, 0x48, 0x5a, 0xc8, 0x01, 0x01, 0x72, 0x55,
-	"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x11\n" +
+	0x32, 0x53, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x2d, 0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30,
-	"\x0f_correlation_id\"\xb3\x06\n" +
+	0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x2f, 0x6c, 0x6f, 0x67, 0x73, 0x2f, 0x28, 0x3f, 0x3a, 0x61, 0x64,
-	"\bAuditLog\x125\n" +
+	0x6d, 0x69, 0x6e, 0x2d, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x7c, 0x73, 0x79, 0x73,
-	"\fservice_name\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x74, 0x65, 0x6d, 0x2d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x7c, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	"\x10\x012\x06.*\\S.*R\vserviceName\x12w\n" +
+	0x2d, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x7c, 0x64, 0x61, 0x74, 0x61, 0x2d, 0x61, 0x63, 0x63,
-	"\x0eoperation_name\x18\x02 \x01(\tBP\xbaHM\xc8\x01\x01rH\x10\x01\x18\xff\x012A^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$R\roperationName\x12c\n" +
+	0x65, 0x73, 0x73, 0x29, 0x24, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3f,
-	"\rresource_name\x18\x03 \x01(\tB>\xbaH;\xc8\x01\x01r6\x10\x01\x18\xff\x012/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\fresourceName\x12U\n" +
+	0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x5f, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18,
-	"\x13authentication_info\x18\x04 \x01(\v2\x1c.audit.v1.AuthenticationInfoB\x06\xbaH\x03\xc8\x01\x01R\x12authenticationInfo\x12J\n" +
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31,
-	"\x12authorization_info\x18\x05 \x03(\v2\x1b.audit.v1.AuthorizationInfoR\x11authorizationInfo\x12L\n" +
+	0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01,
-	"\x10request_metadata\x18\x06 \x01(\v2\x19.audit.v1.RequestMetadataB\x06\xbaH\x03\xc8\x01\x01R\x0frequestMetadata\x126\n" +
+	0x01, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12,
-	"\arequest\x18\a \x01(\v2\x17.google.protobuf.StructH\x00R\arequest\x88\x01\x01\x12O\n" +
+	0x4c, 0x0a, 0x09, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01,
-	"\x11response_metadata\x18\b \x01(\v2\x1a.audit.v1.ResponseMetadataB\x06\xbaH\x03\xc8\x01\x01R\x10responseMetadata\x128\n" +
+	0x28, 0x09, 0x42, 0x2f, 0xba, 0x48, 0x2c, 0xc8, 0x01, 0x01, 0x72, 0x27, 0x32, 0x25, 0x5e, 0x5b,
-	"\bresponse\x18\t \x01(\v2\x17.google.protobuf.StructH\x01R\bresponse\x88\x01\x01\x128\n" +
+	0x30, 0x2d, 0x39, 0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b,
-	"\bmetadata\x18\n" +
+	0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x2f, 0x5b, 0x30, 0x2d, 0x39,
-	" \x01(\v2\x17.google.protobuf.StructH\x02R\bmetadata\x88\x01\x01B\n" +
+	0x5d, 0x2b, 0x24, 0x52, 0x08, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x3b, 0x0a,
-	"\n" +
+	0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e,
-	"\b_requestB\v\n" +
+	0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f,
-	"\t_responseB\v\n" +
+	0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74,
-	"\t_metadata\"\x93\x03\n" +
+	0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x36, 0x0a, 0x0e, 0x63, 0x6f,
-	"\x12AuthenticationInfo\x125\n" +
+	0x72, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01,
-	"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x48, 0x00,
-	"\x10\x012\x06.*\\S.*R\vprincipalId\x12:\n" +
+	0x52, 0x0d, 0x63, 0x6f, 0x72, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x88,
-	"\x0fprincipal_email\x18\x02 \x01(\tB\f\xbaH\tr\a\x10\x05\x18\xff\x01`\x01H\x00R\x0eprincipalEmail\x88\x01\x01\x12n\n" +
+	0x01, 0x01, 0x12, 0x45, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18,
-	"\x14service_account_name\x18\x03 \x01(\tB7\xbaH4r220^[a-z-]+/[a-z0-9-]+/service-accounts/[a-z0-9-]+$H\x01R\x12serviceAccountName\x88\x01\x01\x12m\n" +
+	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	"\x1fservice_account_delegation_info\x18\x04 \x03(\v2&.audit.v1.ServiceAccountDelegationInfoR\x1cserviceAccountDelegationInfoB\x12\n" +
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
-	"\x10_principal_emailB\x17\n" +
+	0x70, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, 0xb2, 0x01, 0x02, 0x38, 0x01, 0x52, 0x09,
-	"\x15_service_account_name\"\xf2\x01\n" +
+	0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x3e, 0x0a, 0x08, 0x73, 0x65, 0x76,
-	"\x11AuthorizationInfo\x12U\n" +
+	0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x75,
-	"\bresource\x18\x01 \x01(\tB9\xbaH6\xc8\x01\x01r12/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\bresource\x12L\n" +
+	0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69,
-	"\n" +
+	0x74, 0x79, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52,
-	"permission\x18\x02 \x01(\tB'\xbaH$r\"2 ^[a-z-]+(?:\\.[a-z-]+)*\\.[a-z-]+$H\x00R\n" +
+	0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62,
-	"permission\x88\x01\x01\x12\x1d\n" +
+	0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	"\agranted\x18\x03 \x01(\bH\x01R\agranted\x88\x01\x01B\r\n" +
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	"\v_permissionB\n" +
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	"\n" +
+	0x3a, 0x02, 0x38, 0x01, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x63, 0x6f, 0x72, 0x72, 0x65, 0x6c, 0x61,
-	"\b_granted\"\xaa\v\n" +
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x22, 0xab, 0x06, 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69,
-	"\x10AttributeContext\x1a\xa9\x01\n" +
+	0x74, 0x4c, 0x6f, 0x67, 0x12, 0x2d, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f,
-	"\x04Auth\x12J\n" +
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8,
-	"\tprincipal\x18\x01 \x01(\tB,\xbaH)\xc8\x01\x01r$2\"^[a-zA-Z0-9-%._]+/[a-zA-Z0-9-%.]+$R\tprincipal\x12\x1c\n" +
+	0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e,
-	"\taudiences\x18\x02 \x03(\tR\taudiences\x127\n" +
+	0x61, 0x6d, 0x65, 0x12, 0x77, 0x0a, 0x0e, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	"\x06claims\x18\x03 \x01(\v2\x17.google.protobuf.StructB\x06\xbaH\x03\xc8\x01\x01R\x06claims\x1a\xce\x04\n" +
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x50, 0xba, 0x48, 0x4d,
-	"\aRequest\x12\x13\n" +
+	0xc8, 0x01, 0x01, 0x72, 0x48, 0x10, 0x01, 0x18, 0xff, 0x01, 0x32, 0x41, 0x5e, 0x73, 0x74, 0x61,
-	"\x02id\x18\x01 \x01(\tH\x00R\x02id\x88\x01\x01\x12J\n" +
+	0x63, 0x6b, 0x69, 0x74, 0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b,
-	"\x06method\x18\x02 \x01(\x0e2%.audit.v1.AttributeContext.HttpMethodB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\x06method\x12Q\n" +
+	0x5c, 0x2e, 0x28, 0x3f, 0x3a, 0x76, 0x5b, 0x30, 0x2d, 0x39, 0x5d, 0x2b, 0x5c, 0x2e, 0x29, 0x3f,
-	"\aheaders\x18\x03 \x03(\v2/.audit.v1.AttributeContext.Request.HeadersEntryB\x06\xbaH\x03\xc8\x01\x01R\aheaders\x12)\n" +
+	0x28, 0x3f, 0x3a, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x2e, 0x5d, 0x2b, 0x5c, 0x2e,
-	"\x04path\x18\x04 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x04path\x12&\n" +
+	0x29, 0x3f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x24, 0x52, 0x0d, 0x6f,
-	"\x04host\x18\x05 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x63, 0x0a, 0x0d,
-	"\x10\x012\x06.*\\S.*R\x04host\x12*\n" +
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20,
-	"\x06scheme\x18\x06 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x01, 0x28, 0x09, 0x42, 0x3e, 0xba, 0x48, 0x3b, 0xc8, 0x01, 0x01, 0x72, 0x36, 0x10, 0x01, 0x18,
-	"\x10\x012\x06.*\\S.*R\x06scheme\x12\x19\n" +
+	0xff, 0x01, 0x32, 0x2f, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a,
-	"\x05query\x18\a \x01(\tH\x01R\x05query\x88\x01\x01\x12;\n" +
+	0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x28, 0x3f, 0x3a, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d,
-	"\x04time\x18\b \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x12.\n" +
+	0x39, 0x2d, 0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5f, 0x5d, 0x2b,
-	"\bprotocol\x18\t \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x29, 0x2a, 0x24, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d,
-	"\x10\x012\x06.*\\S.*R\bprotocol\x12;\n" +
+	0x65, 0x12, 0x55, 0x0a, 0x13, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
-	"\x04auth\x18\n" +
+	0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
-	" \x01(\v2\x1f.audit.v1.AttributeContext.AuthB\x06\xbaH\x03\xc8\x01\x01R\x04auth\x1a:\n" +
+	0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e,
-	"\fHeadersEntry\x12\x10\n" +
+	0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x06, 0xba, 0x48,
-	"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
+	0x03, 0xc8, 0x01, 0x01, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
-	"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x05\n" +
+	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4a, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68,
-	"\x03_idB\b\n" +
+	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x05,
-	"\x06_query\x1a\x87\x03\n" +
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e,
-	"\bResponse\x12W\n" +
+	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66,
-	"\x12num_response_items\x18\x01 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x00R\x10numResponseItems\x88\x01\x01\x12=\n" +
+	0x6f, 0x52, 0x11, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	"\x04size\x18\x02 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x01R\x04size\x88\x01\x01\x12J\n" +
+	0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4c, 0x0a, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f,
-	"\aheaders\x18\x03 \x03(\v20.audit.v1.AttributeContext.Response.HeadersEntryR\aheaders\x12;\n" +
+	0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
-	"\x04time\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x1a:\n" +
+	0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	"\fHeadersEntry\x12\x10\n" +
+	0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01,
-	"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
+	0x01, 0x52, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x15\n" +
+	0x74, 0x61, 0x12, 0x36, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x07, 0x20,
-	"\x13_num_response_itemsB\a\n" +
+	0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	"\x05_size\"\x8e\x02\n" +
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x07,
-	"\n" +
+	0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x88, 0x01, 0x01, 0x12, 0x4f, 0x0a, 0x11, 0x72, 0x65,
-	"HttpMethod\x12\x1b\n" +
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18,
-	"\x17HTTP_METHOD_UNSPECIFIED\x10\x00\x12\x15\n" +
+	0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31,
-	"\x11HTTP_METHOD_OTHER\x10\x01\x12\x13\n" +
+	0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
-	"\x0fHTTP_METHOD_GET\x10\x02\x12\x14\n" +
+	0x61, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x10, 0x72, 0x65, 0x73, 0x70, 0x6f,
-	"\x10HTTP_METHOD_HEAD\x10\x03\x12\x14\n" +
+	0x6e, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x38, 0x0a, 0x08, 0x72,
-	"\x10HTTP_METHOD_POST\x10\x04\x12\x13\n" +
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
-	"\x0fHTTP_METHOD_PUT\x10\x05\x12\x16\n" +
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	"\x12HTTP_METHOD_DELETE\x10\x06\x12\x17\n" +
+	0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	"\x13HTTP_METHOD_CONNECT\x10\a\x12\x17\n" +
+	0x73, 0x65, 0x88, 0x01, 0x01, 0x12, 0x38, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
-	"\x13HTTP_METHOD_OPTIONS\x10\b\x12\x15\n" +
+	0x61, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	"\x11HTTP_METHOD_TRACE\x10\t\x12\x15\n" +
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74,
-	"\x11HTTP_METHOD_PATCH\x10\n" +
+	0x48, 0x02, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x88, 0x01, 0x01, 0x42,
-	"\"\xe9\x01\n" +
+	0x0a, 0x0a, 0x08, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f,
-	"\x0fRequestMetadata\x12'\n" +
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x6d, 0x65, 0x74,
-	"\tcaller_ip\x18\x01 \x01(\tB\n" +
+	0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xf3, 0x02, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e,
-	"\xbaH\a\xc8\x01\x01r\x02p\x01R\bcallerIp\x12R\n" +
+	0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2d, 0x0a, 0x0c,
-	"\x1acaller_supplied_user_agent\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x17callerSuppliedUserAgent\x12Y\n" +
+	0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
-	"\x12request_attributes\x18\x03 \x01(\v2\".audit.v1.AttributeContext.RequestB\x06\xbaH\x03\xc8\x01\x01R\x11requestAttributes\"\xb4\x02\n" +
+	0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0b,
-	"\x10ResponseMetadata\x12H\n" +
+	0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x0f, 0x70,
-	"\vstatus_code\x18\x01 \x01(\v2\x1b.google.protobuf.Int32ValueB\n" +
+	0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02,
-	"\xbaH\a\xc8\x01\x01\x1a\x02(\x00R\n" +
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x0d, 0xba, 0x48, 0x0a, 0xc8, 0x01, 0x01, 0x72, 0x05, 0x10, 0x01,
-	"statusCode\x12(\n" +
+	0x18, 0xff, 0x01, 0x52, 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d,
-	"\rerror_message\x18\x02 \x01(\tH\x00R\ferrorMessage\x88\x01\x01\x12<\n" +
+	0x61, 0x69, 0x6c, 0x12, 0x6e, 0x0a, 0x14, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61,
-	"\rerror_details\x18\x03 \x03(\v2\x17.google.protobuf.StructR\ferrorDetails\x12\\\n" +
+	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	"\x13response_attributes\x18\x04 \x01(\v2#.audit.v1.AttributeContext.ResponseB\x06\xbaH\x03\xc8\x01\x01R\x12responseAttributesB\x10\n" +
+	0x09, 0x42, 0x37, 0xba, 0x48, 0x34, 0x72, 0x32, 0x32, 0x30, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x2d,
-	"\x0e_error_message\"\xca\x04\n" +
+	0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x2f, 0x73, 0x65,
-	"\x1cServiceAccountDelegationInfo\x12c\n" +
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x2d, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x2f, 0x5b,
-	"\x10system_principal\x18\x01 \x01(\v26.audit.v1.ServiceAccountDelegationInfo.SystemPrincipalH\x00R\x0fsystemPrincipal\x12Z\n" +
+	0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x24, 0x48, 0x00, 0x52, 0x12, 0x73, 0x65,
-	"\ridp_principal\x18\x02 \x01(\v23.audit.v1.ServiceAccountDelegationInfo.IdpPrincipalH\x00R\fidpPrincipal\x1ao\n" +
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65,
-	"\x0fSystemPrincipal\x12G\n" +
+	0x88, 0x01, 0x01, 0x12, 0x6d, 0x0a, 0x1f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61,
-	"\x10service_metadata\x18\x01 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
+	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f,
-	"\x11_service_metadata\x1a\xe3\x01\n" +
+	0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x61,
-	"\fIdpPrincipal\x125\n" +
+	0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41,
-	"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	"\x10\x012\x06.*\\S.*R\vprincipalId\x12>\n" +
+	0x49, 0x6e, 0x66, 0x6f, 0x52, 0x1c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63,
-	"\x0fprincipal_email\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x0eprincipalEmail\x12G\n" +
+	0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e,
-	"\x10service_metadata\x18\x03 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
+	0x66, 0x6f, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61,
-	"\x11_service_metadataB\x12\n" +
+	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xf2, 0x01, 0x0a, 0x11,
-	"\tauthority\x12\x05\xbaH\x02\b\x01*\x96\x02\n" +
+	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66,
-	"\vLogSeverity\x12\x1c\n" +
+	0x6f, 0x12, 0x55, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20,
-	"\x18LOG_SEVERITY_UNSPECIFIED\x10\x00\x12\x18\n" +
+	0x01, 0x28, 0x09, 0x42, 0x39, 0xba, 0x48, 0x36, 0xc8, 0x01, 0x01, 0x72, 0x31, 0x32, 0x2f, 0x5e,
-	"\x14LOG_SEVERITY_DEFAULT\x10d\x12\x17\n" +
+	0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d,
-	"\x12LOG_SEVERITY_DEBUG\x10\xc8\x01\x12\x16\n" +
+	0x2b, 0x28, 0x3f, 0x3a, 0x2f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x2f,
-	"\x11LOG_SEVERITY_INFO\x10\xac\x02\x12\x18\n" +
+	0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5f, 0x5d, 0x2b, 0x29, 0x2a, 0x24, 0x52, 0x08,
-	"\x13LOG_SEVERITY_NOTICE\x10\x90\x03\x12\x19\n" +
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4c, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x6d,
-	"\x14LOG_SEVERITY_WARNING\x10\xf4\x03\x12\x17\n" +
+	0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x27, 0xba, 0x48,
-	"\x12LOG_SEVERITY_ERROR\x10\xd8\x04\x12\x1a\n" +
+	0x24, 0x72, 0x22, 0x32, 0x20, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x2d, 0x5d, 0x2b, 0x28, 0x3f, 0x3a,
-	"\x15LOG_SEVERITY_CRITICAL\x10\xbc\x05\x12\x17\n" +
+	0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x2d, 0x5d, 0x2b, 0x29, 0x2a, 0x5c, 0x2e, 0x5b, 0x61, 0x2d,
-	"\x12LOG_SEVERITY_ALERT\x10\xa0\x06\x12\x1b\n" +
+	0x7a, 0x2d, 0x5d, 0x2b, 0x24, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73,
-	"\x16LOG_SEVERITY_EMERGENCY\x10\x84\aB1\n" +
+	0x69, 0x6f, 0x6e, 0x88, 0x01, 0x01, 0x12, 0x1d, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65,
-	"\x1ccom.schwarz.stackit.audit.v1P\x01Z\x0f./audit;auditV1b\x06proto3"
+	0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x01, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74,
+	0x65, 0x64, 0x88, 0x01, 0x01, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64,
+	0x22, 0x89, 0x0b, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x1a, 0xa8, 0x01, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, 0x49,
+	0x0a, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x2b, 0xba, 0x48, 0x28, 0xc8, 0x01, 0x01, 0x72, 0x23, 0x32, 0x21, 0x5e, 0x5b, 0x61,
+	0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x2d, 0x25, 0x2e, 0x5d, 0x2b, 0x2f, 0x5b, 0x61,
+	0x2d, 0x7a, 0x41, 0x2d, 0x5a, 0x30, 0x2d, 0x39, 0x2d, 0x25, 0x2e, 0x5d, 0x2b, 0x24, 0x52, 0x09,
+	0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x64,
+	0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75,
+	0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d,
+	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74,
+	0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73,
+	0x1a, 0xae, 0x04, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x13, 0x0a, 0x02,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x88, 0x01,
+	0x01, 0x12, 0x4a, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x25, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x48, 0x74,
+	0x74, 0x70, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01,
+	0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x51, 0x0a,
+	0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f,
+	0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62,
+	0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42,
+	0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73,
+	0x12, 0x21, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0d,
+	0xba, 0x48, 0x0a, 0xc8, 0x01, 0x01, 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x52, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x12, 0x1e, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x04, 0x68,
+	0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52,
+	0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79,
+	0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x88,
+	0x01, 0x01, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x0b, 0xba, 0x48,
+	0x08, 0xc8, 0x01, 0x01, 0xb2, 0x01, 0x02, 0x38, 0x01, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12,
+	0x26, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x08, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x3b, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31,
+	0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78,
+	0x74, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x04,
+	0x61, 0x75, 0x74, 0x68, 0x1a, 0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x42, 0x05, 0x0a, 0x03, 0x5f, 0x69, 0x64, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x71, 0x75, 0x65, 0x72,
+	0x79, 0x1a, 0x87, 0x03, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x57,
+	0x0a, 0x12, 0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x69,
+	0x74, 0x65, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74,
+	0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x07, 0xba, 0x48, 0x04, 0x22, 0x02, 0x28, 0x00,
+	0x48, 0x00, 0x52, 0x10, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x49,
+	0x74, 0x65, 0x6d, 0x73, 0x88, 0x01, 0x01, 0x12, 0x3d, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x42, 0x07, 0xba, 0x48, 0x04, 0x22, 0x02, 0x28, 0x00, 0x48, 0x01, 0x52, 0x04, 0x73,
+	0x69, 0x7a, 0x65, 0x88, 0x01, 0x01, 0x12, 0x4a, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e,
+	0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74,
+	0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65,
+	0x72, 0x73, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x0b, 0xba, 0x48,
+	0x08, 0xc8, 0x01, 0x01, 0xb2, 0x01, 0x02, 0x38, 0x01, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x1a,
+	0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
+	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x15, 0x0a, 0x13, 0x5f,
+	0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x8e, 0x02, 0x0a, 0x0a,
+	0x48, 0x74, 0x74, 0x70, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x1b, 0x0a, 0x17, 0x48, 0x54,
+	0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x5f,
+	0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x10, 0x01, 0x12, 0x13,
+	0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x47, 0x45,
+	0x54, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48,
+	0x4f, 0x44, 0x5f, 0x48, 0x45, 0x41, 0x44, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x48, 0x54, 0x54,
+	0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x04, 0x12,
+	0x13, 0x0a, 0x0f, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x50,
+	0x55, 0x54, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54,
+	0x48, 0x4f, 0x44, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13,
+	0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e,
+	0x45, 0x43, 0x54, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45,
+	0x54, 0x48, 0x4f, 0x44, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x10, 0x08, 0x12, 0x15,
+	0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x54, 0x52,
+	0x41, 0x43, 0x45, 0x10, 0x09, 0x12, 0x15, 0x0a, 0x11, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x4d, 0x45,
+	0x54, 0x48, 0x4f, 0x44, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x10, 0x0a, 0x22, 0xe1, 0x01, 0x0a,
+	0x0f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0x12, 0x27, 0x0a, 0x09, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x70, 0x01, 0x52,
+	0x08, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x49, 0x70, 0x12, 0x4a, 0x0a, 0x1a, 0x63, 0x61, 0x6c,
+	0x6c, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x5f, 0x75, 0x73, 0x65,
+	0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0d, 0xba,
+	0x48, 0x0a, 0xc8, 0x01, 0x01, 0x72, 0x05, 0x10, 0x01, 0x18, 0xff, 0x01, 0x52, 0x17, 0x63, 0x61,
+	0x6c, 0x6c, 0x65, 0x72, 0x53, 0x75, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x55, 0x73, 0x65, 0x72,
+	0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x59, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74,
+	0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x11, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73,
+	0x22, 0xb4, 0x02, 0x0a, 0x10, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x4d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x48, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f,
+	0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74,
+	0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x1a,
+	0x02, 0x28, 0x00, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x12,
+	0x28, 0x0a, 0x0d, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d,
+	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x88, 0x01, 0x01, 0x12, 0x3c, 0x0a, 0x0d, 0x65, 0x72, 0x72,
+	0x6f, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72,
+	0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x5c, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
+	0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01,
+	0x01, 0x52, 0x12, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69,
+	0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f,
+	0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0xba, 0x04, 0x0a, 0x1c, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x63, 0x0a, 0x10, 0x73, 0x79, 0x73, 0x74,
+	0x65, 0x6d, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x36, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65,
+	0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65,
+	0x6d, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x0f, 0x73, 0x79,
+	0x73, 0x74, 0x65, 0x6d, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x5a, 0x0a,
+	0x0d, 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65,
+	0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x49, 0x64, 0x70,
+	0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x0c, 0x69, 0x64, 0x70,
+	0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x1a, 0x6f, 0x0a, 0x0f, 0x53, 0x79, 0x73,
+	0x74, 0x65, 0x6d, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x10,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48,
+	0x00, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0x88, 0x01, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0xd3, 0x01, 0x0a, 0x0c, 0x49,
+	0x64, 0x70, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x2d, 0x0a, 0x0c, 0x70,
+	0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0b, 0x70,
+	0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x0f, 0x70, 0x72,
+	0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x42, 0x0d, 0xba, 0x48, 0x0a, 0xc8, 0x01, 0x01, 0x72, 0x05, 0x10, 0x01, 0x18,
+	0xff, 0x01, 0x52, 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d, 0x61,
+	0x69, 0x6c, 0x12, 0x47, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53,
+	0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x88, 0x01, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x5f,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
+	0x42, 0x12, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x05, 0xba,
+	0x48, 0x02, 0x08, 0x01, 0x2a, 0x96, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x76, 0x65,
+	0x72, 0x69, 0x74, 0x79, 0x12, 0x1c, 0x0a, 0x18, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45,
+	0x52, 0x49, 0x54, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49,
+	0x54, 0x59, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x64, 0x12, 0x17, 0x0a, 0x12,
+	0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x44, 0x45, 0x42,
+	0x55, 0x47, 0x10, 0xc8, 0x01, 0x12, 0x16, 0x0a, 0x11, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56,
+	0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0xac, 0x02, 0x12, 0x18, 0x0a,
+	0x13, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x4e, 0x4f,
+	0x54, 0x49, 0x43, 0x45, 0x10, 0x90, 0x03, 0x12, 0x19, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53,
+	0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10,
+	0xf4, 0x03, 0x12, 0x17, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49,
+	0x54, 0x59, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0xd8, 0x04, 0x12, 0x1a, 0x0a, 0x15, 0x4c,
+	0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x43, 0x52, 0x49, 0x54,
+	0x49, 0x43, 0x41, 0x4c, 0x10, 0xbc, 0x05, 0x12, 0x17, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53,
+	0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x41, 0x4c, 0x45, 0x52, 0x54, 0x10, 0xa0, 0x06,
+	0x12, 0x1b, 0x0a, 0x16, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x45, 0x56, 0x45, 0x52, 0x49, 0x54, 0x59,
+	0x5f, 0x45, 0x4d, 0x45, 0x52, 0x47, 0x45, 0x4e, 0x43, 0x59, 0x10, 0x84, 0x07, 0x42, 0x31, 0x0a,
+	0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x63, 0x68, 0x77, 0x61, 0x72, 0x7a, 0x2e, 0x73, 0x74, 0x61,
+	0x63, 0x6b, 0x69, 0x74, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x50, 0x01, 0x5a,
+	0x0f, 0x2e, 0x2f, 0x61, 0x75, 0x64, 0x69, 0x74, 0x3b, 0x61, 0x75, 0x64, 0x69, 0x74, 0x56, 0x31,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+})
 
 var (
 	file_audit_v1_audit_event_proto_rawDescOnce sync.Once

gen/go/audit/v1/audit_event.pb.validate.go

@@ -554,6 +554,8 @@ func (m *AuthenticationInfo) validate(all bool) error {
 
 	// no validation rules for PrincipalId
 
+	// no validation rules for PrincipalEmail
+
 	for idx, item := range m.GetServiceAccountDelegationInfo() {
 		_, _ = idx, item
 
@@ -588,10 +590,6 @@ func (m *AuthenticationInfo) validate(all bool) error {
 
 	}
 
-	if m.PrincipalEmail != nil {
-		// no validation rules for PrincipalEmail
-	}
-
 	if m.ServiceAccountName != nil {
 		// no validation rules for ServiceAccountName
 	}

gen/go/audit/v1/routable_event.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.36.11
+// 	protoc-gen-go v1.36.5
 // 	protoc        (unknown)
 // source: audit/v1/routable_event.proto
 
@@ -411,44 +411,74 @@ func (*RoutableAuditEvent_EncryptedData) isRoutableAuditEvent_Data() {}
 
 var File_audit_v1_routable_event_proto protoreflect.FileDescriptor
 
-const file_audit_v1_routable_event_proto_rawDesc = "" +
+var file_audit_v1_routable_event_proto_rawDesc = string([]byte{
-	"\n" +
+	0x0a, 0x1d, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x61,
-	"\x1daudit/v1/routable_event.proto\x12\baudit.v1\x1a\x1bbuf/validate/validate.proto\"_\n" +
+	0x62, 0x6c, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	"\x10ObjectIdentifier\x12+\n" +
+	0x08, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76,
-	"\n" +
+	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
-	"identifier\x18\x01 \x01(\tB\v\xbaH\b\xc8\x01\x01r\x03\xb0\x01\x01R\n" +
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5f, 0x0a, 0x10, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74,
-	"identifier\x12\x1e\n" +
+	0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x0a, 0x69, 0x64,
-	"\x04type\x18\x02 \x01(\tB\n" +
+	0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0b,
-	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\x04type\"\xc5\x01\n" +
+	0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x0a, 0x69, 0x64, 0x65,
-	"\rEncryptedData\x12\x1e\n" +
+	0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
-	"\x04data\x18\x01 \x01(\fB\n" +
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10,
-	"\xbaH\a\xc8\x01\x01z\x02\x10\x01R\x04data\x12/\n" +
+	0x01, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xc5, 0x01, 0x0a, 0x0d, 0x45, 0x6e, 0x63, 0x72,
-	"\rprotobuf_type\x18\x02 \x01(\tB\n" +
+	0x79, 0x70, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x1e, 0x0a, 0x04, 0x64, 0x61, 0x74,
-	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\fprotobufType\x129\n" +
+	0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x7a,
-	"\x12encrypted_password\x18\x03 \x01(\tB\n" +
+	0x02, 0x10, 0x01, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x2f, 0x0a, 0x0d, 0x70, 0x72, 0x6f,
-	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\x11encryptedPassword\x12(\n" +
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	"\vkey_version\x18\x04 \x01(\x05B\a\xbaH\x04\x1a\x02(\x01R\n" +
+	0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0c, 0x70, 0x72,
-	"keyVersion\"b\n" +
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x54, 0x79, 0x70, 0x65, 0x12, 0x39, 0x0a, 0x12, 0x65, 0x6e,
-	"\x0fUnencryptedData\x12\x1e\n" +
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
-	"\x04data\x18\x01 \x01(\fB\n" +
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x72, 0x02,
-	"\xbaH\a\xc8\x01\x01z\x02\x10\x01R\x04data\x12/\n" +
+	0x10, 0x01, 0x52, 0x11, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x50, 0x61, 0x73,
-	"\rprotobuf_type\x18\x02 \x01(\tB\n" +
+	0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x28, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72,
-	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\fprotobufType\"\xb5\x03\n" +
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x42, 0x07, 0xba, 0x48, 0x04, 0x1a,
-	"\x12RoutableAuditEvent\x12r\n" +
+	0x02, 0x28, 0x01, 0x52, 0x0a, 0x6b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22,
-	"\x0eoperation_name\x18\x01 \x01(\tBK\xbaHH\xc8\x01\x01rC2A^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$R\roperationName\x12A\n" +
+	0x62, 0x0a, 0x0f, 0x55, 0x6e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x44, 0x61,
-	"\n" +
+	0x74, 0x61, 0x12, 0x1e, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c,
-	"visibility\x18\x02 \x01(\x0e2\x14.audit.v1.VisibilityB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\n" +
+	0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01, 0x01, 0x7a, 0x02, 0x10, 0x01, 0x52, 0x04, 0x64, 0x61,
-	"visibility\x12O\n" +
+	0x74, 0x61, 0x12, 0x2f, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x5f, 0x74,
-	"\x11object_identifier\x18\x03 \x01(\v2\x1a.audit.v1.ObjectIdentifierB\x06\xbaH\x03\xc8\x01\x01R\x10objectIdentifier\x12F\n" +
+	0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0xc8, 0x01,
-	"\x10unencrypted_data\x18\x04 \x01(\v2\x19.audit.v1.UnencryptedDataH\x00R\x0funencryptedData\x12@\n" +
+	0x01, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x54,
-	"\x0eencrypted_data\x18\x05 \x01(\v2\x17.audit.v1.EncryptedDataH\x00R\rencryptedDataB\r\n" +
+	0x79, 0x70, 0x65, 0x22, 0xb5, 0x03, 0x0a, 0x12, 0x52, 0x6f, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65,
-	"\x04data\x12\x05\xbaH\x02\b\x01*W\n" +
+	0x41, 0x75, 0x64, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x72, 0x0a, 0x0e, 0x6f, 0x70,
-	"\n" +
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	"Visibility\x12\x1a\n" +
+	0x28, 0x09, 0x42, 0x4b, 0xba, 0x48, 0x48, 0xc8, 0x01, 0x01, 0x72, 0x43, 0x32, 0x41, 0x5e, 0x73,
-	"\x16VISIBILITY_UNSPECIFIED\x10\x00\x12\x15\n" +
+	0x74, 0x61, 0x63, 0x6b, 0x69, 0x74, 0x5c, 0x2e, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d,
-	"\x11VISIBILITY_PUBLIC\x10\x01\x12\x16\n" +
+	0x5d, 0x2b, 0x5c, 0x2e, 0x28, 0x3f, 0x3a, 0x76, 0x5b, 0x30, 0x2d, 0x39, 0x5d, 0x2b, 0x5c, 0x2e,
-	"\x12VISIBILITY_PRIVATE\x10\x02B1\n" +
+	0x29, 0x3f, 0x28, 0x3f, 0x3a, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x2e, 0x5d, 0x2b,
-	"\x1ccom.schwarz.stackit.audit.v1P\x01Z\x0f./audit;auditV1b\x06proto3"
+	0x5c, 0x2e, 0x29, 0x3f, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x2d, 0x5d, 0x2b, 0x24, 0x52,
+	0x0d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x41,
+	0x0a, 0x0a, 0x76, 0x69, 0x73, 0x69, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x14, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x56, 0x69,
+	0x73, 0x69, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01,
+	0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x0a, 0x76, 0x69, 0x73, 0x69, 0x62, 0x69, 0x6c, 0x69, 0x74,
+	0x79, 0x12, 0x4f, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61,
+	0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01,
+	0x52, 0x10, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
+	0x65, 0x72, 0x12, 0x46, 0x0a, 0x10, 0x75, 0x6e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65,
+	0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x61,
+	0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x6e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x0f, 0x75, 0x6e, 0x65, 0x6e, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x40, 0x0a, 0x0e, 0x65, 0x6e,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x48, 0x00, 0x52, 0x0d, 0x65,
+	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x42, 0x0d, 0x0a, 0x04,
+	0x64, 0x61, 0x74, 0x61, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x2a, 0x57, 0x0a, 0x0a, 0x56,
+	0x69, 0x73, 0x69, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x1a, 0x0a, 0x16, 0x56, 0x49, 0x53,
+	0x49, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
+	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x56, 0x49, 0x53, 0x49, 0x42, 0x49, 0x4c,
+	0x49, 0x54, 0x59, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12,
+	0x56, 0x49, 0x53, 0x49, 0x42, 0x49, 0x4c, 0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x49, 0x56, 0x41,
+	0x54, 0x45, 0x10, 0x02, 0x42, 0x31, 0x0a, 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x63, 0x68, 0x77,
+	0x61, 0x72, 0x7a, 0x2e, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x69, 0x74, 0x2e, 0x61, 0x75, 0x64, 0x69,
+	0x74, 0x2e, 0x76, 0x31, 0x50, 0x01, 0x5a, 0x0f, 0x2e, 0x2f, 0x61, 0x75, 0x64, 0x69, 0x74, 0x3b,
+	0x61, 0x75, 0x64, 0x69, 0x74, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+})
 
 var (
 	file_audit_v1_routable_event_proto_rawDescOnce sync.Once

go.mod

@@ -1,88 +1,87 @@
 module dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git
 
-go 1.24.0
+go 1.23.0
 
 require (
-	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.5-20250307204501-0409229c3780.1
-	buf.build/go/protovalidate v1.1.0
+	github.com/Azure/go-amqp v1.4.0
-	github.com/Azure/go-amqp v1.5.1
+	github.com/bufbuild/protovalidate-go v0.9.2
-	github.com/docker/docker v28.5.2+incompatible
 	github.com/google/uuid v1.6.0
-	github.com/lestrrat-go/jwx/v2 v2.1.6
+	github.com/lestrrat-go/jwx/v2 v2.1.4
-	github.com/rs/zerolog v1.34.0
+	github.com/rs/zerolog v1.33.0
-	github.com/stretchr/testify v1.11.1
+	github.com/stretchr/testify v1.10.0
-	github.com/testcontainers/testcontainers-go v0.40.0
+	github.com/testcontainers/testcontainers-go v0.35.0
-	go.opentelemetry.io/otel v1.39.0
+	go.opentelemetry.io/otel v1.35.0
-	go.opentelemetry.io/otel/trace v1.39.0
+	go.opentelemetry.io/otel/trace v1.35.0
-	google.golang.org/protobuf v1.36.11
+	google.golang.org/protobuf v1.36.5
 )
 
 require (
-	cel.dev/expr v0.25.1 // indirect
+	cel.dev/expr v0.22.0 // indirect
-	dario.cat/mergo v1.0.2 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/containerd/errdefs v1.0.0 // indirect
-	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/go-connections v0.6.0 // indirect
+	github.com/docker/docker v28.0.1+incompatible // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/google/cel-go v0.26.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/klauspost/compress v1.18.2 // indirect
+	github.com/google/cel-go v0.24.1 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.4 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.6 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
+	github.com/lufia/plan9stats v0.0.0-20250303091104-876f3ea5145d // indirect
-	github.com/magiconair/properties v1.8.10 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/go-archive v0.2.0 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
-	github.com/moby/sys/user v0.4.0 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.1.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/segmentio/asm v1.2.1 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.25.12 // indirect
+	github.com/shirou/gopsutil/v3 v3.24.5 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/stoewer/go-strcase v1.3.1 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
-	github.com/stretchr/objx v0.5.3 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.11.0 // indirect
+	github.com/tklauser/numcpus v0.10.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect
-	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
-	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,33 +1,23 @@
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 h1:j9yeqTWEFrtimt8Nng2MIeRrpoCvQzM9/g25XTvqUGg=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.5-20250307204501-0409229c3780.1 h1:j+l4+E1EEo83GVIxuqinfFOTyImSQUH90WfufE86xaI=
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.5-20250307204501-0409229c3780.1/go.mod h1:eOqrCVUfhh7SLo00urDe/XhJHljj0dWMZirS0aX7cmc=
-buf.build/go/protovalidate v1.1.0 h1:pQqEQRpOo4SqS60qkvmhLTTQU9JwzEvdyiqAtXa5SeY=
+cel.dev/expr v0.22.0 h1:+hFFhLPmquBImfs1BiN2PZmkr5ASse2ZOuaxIs9e4R8=
-buf.build/go/protovalidate v1.1.0/go.mod h1:bGZcPiAQDC3ErCHK3t74jSoJDFOs2JH3d7LWuTEIdss=
+cel.dev/expr v0.22.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
-cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
+dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
-cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
+dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
-dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/go-amqp v1.5.1 h1:WyiPTz2C3zVvDL7RLAqwWdeoYhMtX62MZzQoP09fzsU=
+github.com/Azure/go-amqp v1.4.0 h1:Xj3caqi4comOF/L1Uc5iuBxR/pB6KumejC01YQOqOR4=
-github.com/Azure/go-amqp v1.5.1/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
+github.com/Azure/go-amqp v1.4.0/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
-github.com/brianvoe/gofakeit/v6 v6.28.0 h1:Xib46XXuQfmlLS2EXRuJpqcw8St6qSZz75OUo0tgAW4=
+github.com/bufbuild/protovalidate-go v0.9.2 h1:dUoPvFimovS74s3eeFNvHQOxFumRPsk390ifkzJCJ/4=
-github.com/brianvoe/gofakeit/v6 v6.28.0/go.mod h1:Xj58BMSnFqcn/fAQeSK+/PLtC5kSb7FJIq4JyGa8vEs=
+github.com/bufbuild/protovalidate-go v0.9.2/go.mod h1:U9+WHAa6IOrLuqQEWPcxsyE4QEOTwm9fDpVbWXsR0zU=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
-github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
-github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
-github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
-github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
-github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
-github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
@@ -44,21 +34,21 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvw
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
+github.com/docker/docker v28.0.1+incompatible h1:FCHjSRdXhNRFjlHMTv4jUNlIBbTeRjrWfeFuJp7jpo0=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
-github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
-github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
@@ -67,36 +57,40 @@ github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/google/cel-go v0.24.1 h1:jsBCtxG8mM5wiUJDSGUqU0K7Mtr3w7Eyv00rw4DiZxI=
+github.com/google/cel-go v0.24.1/go.mod h1:Hdf9TqOaTNSFQA1ybQaRqATVoK7m/zcf7IMhGXP5zI8=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI=
-github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
-github.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
 github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
 github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVfecA=
+github.com/lestrrat-go/jwx/v2 v2.1.4 h1:uBCMmJX8oRZStmKuMMOFb0Yh9xmEMgNJLgjuKKt4/qc=
-github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU=
+github.com/lestrrat-go/jwx/v2 v2.1.4/go.mod h1:nWRbDFR1ALG2Z6GJbBXzfQaYyvn751KuuyySN2yR6is=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
+github.com/lufia/plan9stats v0.0.0-20250303091104-876f3ea5145d h1:fjMbDVUGsMQiVZnSQsmouYJvMdwsGiDipOZoN66v844=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/lufia/plan9stats v0.0.0-20250303091104-876f3ea5145d/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
-github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
+github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
-github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -106,22 +100,18 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
-github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
 github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
 github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
+github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
-github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
+github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
 github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
 github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
 github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
-github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -132,68 +122,87 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/rodaine/protogofakeit v0.1.1 h1:ZKouljuRM3A+TArppfBqnH8tGZHOwM/pjvtXe9DaXH8=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rodaine/protogofakeit v0.1.1/go.mod h1:pXn/AstBYMaSfc1/RqH3N82pBuxtWgejz1AlYpY1mI0=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
-github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
-github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
-github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
-github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
-github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
+github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
-github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
-github.com/shirou/gopsutil/v4 v4.25.12 h1:e7PvW/0RmJ8p8vPGJH4jvNkOyLmbkXgXW4m6ZPic6CY=
+github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
-github.com/shirou/gopsutil/v4 v4.25.12/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
+github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
+github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
+github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
-github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
+github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
-github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/testcontainers/testcontainers-go v0.40.0 h1:pSdJYLOVgLE8YdUY2FHQ1Fxu+aMnb6JfVz1mxk7OeMU=
+github.com/testcontainers/testcontainers-go v0.35.0 h1:uADsZpTKFAtp8SLK+hMwSaa+X+JiERHtd4sQAFmXeMo=
-github.com/testcontainers/testcontainers-go v0.40.0/go.mod h1:FSXV5KQtX2HAMlm7U3APNyLkkap35zNLxukw9oBi/MY=
+github.com/testcontainers/testcontainers-go v0.35.0/go.mod h1:oEVBj5zrfJTrgjwONs1SsRbnBtH9OKl+IGl3UMcr2B4=
-github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
-github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
-github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
-github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
+github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
-go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
-go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 h1:f0cb2XPmrqn4XMy9PNliTgRKJgS5WcL/u0/WRYGz4t0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0/go.mod h1:vnakAaFckOMiMtOIhFI2MNH4FYrZzXCYxmb1LlhoGz8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 h1:Ckwye2FpXkYgiHX7fyVrN1uA/UYd9ounqqTuSNAv0k4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0/go.mod h1:teIFJh5pW2y+AN7riv6IBPX2DuesS3HgP39mwOspKwU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk=
-go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
-go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
-go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
-go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
-go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
-go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
-go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
-go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
+golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -201,27 +210,37 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 h1:IFnXJq3UPB3oBREOodn1v1aGQeZYQclEmvWRMN0PSsY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:c8q6Z6OCqnfVIqUFJkCzKcrj8eCvUrz+K4KRzSTuANg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
+google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
-gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=

internal/audit/api/api_common_test.go

@@ -1,477 +0,0 @@
-package api
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"strings"
-	"testing"
-	"time"
-
-	"buf.build/go/protovalidate"
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-	"google.golang.org/protobuf/proto"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-	pkgMessagingApi "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/messaging/api"
-)
-
-type MessagingApiMock struct {
-	mock.Mock
-}
-
-func (m *MessagingApiMock) Send(
-	ctx context.Context,
-	topic string,
-	data []byte,
-	contentType string,
-	applicationProperties map[string]any,
-) error {
-
-	args := m.Called(ctx, topic, data, contentType, applicationProperties)
-	return args.Error(0)
-}
-
-func (m *MessagingApiMock) Close(_ context.Context) error {
-	return nil
-}
-
-type TopicNameResolverMock struct {
-	mock.Mock
-}
-
-func (m *TopicNameResolverMock) Resolve(routableIdentifier *pkgAuditCommon.RoutableIdentifier) (string, error) {
-	args := m.Called(routableIdentifier)
-	return args.String(0), args.Error(1)
-}
-
-func NewValidator(t *testing.T) pkgAuditCommon.ProtobufValidator {
-	validator, err := protovalidate.New()
-	var protoValidator pkgAuditCommon.ProtobufValidator = validator
-	assert.NoError(t, err)
-
-	return protoValidator
-}
-
-func Test_ValidateAndSerializePartially_EventNil(t *testing.T) {
-	validator := NewValidator(t)
-
-	_, err := ValidateAndSerializePartially(
-		validator, nil, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
-
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrEventNil)
-}
-
-func Test_ValidateAndSerializePartially_AuditEventValidationFailed(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewOrganizationAuditEvent(nil)
-	event.LogName = ""
-
-	_, err := ValidateAndSerializePartially(
-		validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-	assert.EqualError(t, err, "validation error: log_name: value is required")
-}
-
-func Test_ValidateAndSerializePartially_RoutableEventValidationFailed(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewOrganizationAuditEvent(nil)
-	_, err := ValidateAndSerializePartially(validator, event, 3, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-	assert.EqualError(t, err, "validation error: visibility: value must be one of the defined enum values")
-}
-
-func Test_ValidateAndSerializePartially_CheckVisibility_Event(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewOrganizationAuditEvent(nil)
-
-	t.Run("Visibility public - object identifier nil", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
-	})
-
-	t.Run("Visibility private - object identifier nil", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, nil)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
-	})
-
-	t.Run("Visibility public - object identifier system", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierVisibilityMismatch)
-	})
-
-	t.Run("Visibility public - object identifier set", func(t *testing.T) {
-		routableEvent, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.NoError(t, err)
-		assert.NotNil(t, routableEvent)
-	})
-
-	t.Run("Visibility private - object identifier system", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, pkgAuditCommon.RoutableSystemIdentifier)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrAttributeIdentifierInvalid)
-	})
-
-	t.Run("Visibility private - object identifier set", func(t *testing.T) {
-		routableEvent, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.NoError(t, err)
-		assert.NotNil(t, routableEvent)
-	})
-}
-
-func Test_ValidateAndSerializePartially_CheckVisibility_SystemEvent(t *testing.T) {
-	validator := NewValidator(t)
-
-	event := NewSystemAuditEvent(nil)
-
-	t.Run("Visibility public - object identifier nil", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, nil)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
-	})
-
-	t.Run("Visibility private - object identifier  nil", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, nil)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
-	})
-
-	t.Run("Visibility public - object identifier system", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.RoutableSystemIdentifier)
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierVisibilityMismatch)
-	})
-
-	t.Run("Visibility public - object identifier set", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(
-				&auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(pkgAuditCommon.ObjectTypeOrganization)}))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrInvalidRoutableIdentifierForSystemEvent)
-	})
-
-	t.Run("Visibility private - object identifier system", func(t *testing.T) {
-		routableEvent, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, pkgAuditCommon.RoutableSystemIdentifier)
-
-		assert.NoError(t, err)
-		assert.NotNil(t, routableEvent)
-	})
-
-	t.Run("Visibility private - object identifier set", func(t *testing.T) {
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, pkgAuditCommon.NewRoutableIdentifier(
-				&auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(pkgAuditCommon.ObjectTypeOrganization)}))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrInvalidRoutableIdentifierForSystemEvent)
-	})
-}
-
-func Test_ValidateAndSerializePartially_UnsupportedIdentifierType(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewFolderAuditEvent(nil)
-	objectIdentifier.Type = "invalid"
-
-	_, err := ValidateAndSerializePartially(
-		validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrUnsupportedRoutableType)
-}
-
-func Test_ValidateAndSerializePartially_LogNameIdentifierMismatch(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewFolderAuditEvent(nil)
-	parts := strings.Split(event.LogName, "/")
-	identifier := parts[1]
-
-	t.Run("LogName type mismatch", func(t *testing.T) {
-		event.LogName = fmt.Sprintf("projects/%s/logs/admin-activity", identifier)
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrAttributeTypeInvalid)
-	})
-
-	t.Run("LogName identifier mismatch", func(t *testing.T) {
-		event.LogName = fmt.Sprintf("folders/%s/logs/admin-activity", uuid.NewString())
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrAttributeIdentifierInvalid)
-	})
-}
-
-func Test_ValidateAndSerializePartially_ResourceNameIdentifierMismatch(t *testing.T) {
-	validator := NewValidator(t)
-
-	event, objectIdentifier := NewFolderAuditEvent(nil)
-	parts := strings.Split(event.ProtoPayload.ResourceName, "/")
-	identifier := parts[1]
-
-	t.Run("ResourceName type mismatch", func(t *testing.T) {
-		event.ProtoPayload.ResourceName = fmt.Sprintf("projects/%s", identifier)
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrAttributeTypeInvalid)
-	})
-
-	t.Run("ResourceName identifier mismatch", func(t *testing.T) {
-		event.ProtoPayload.ResourceName = fmt.Sprintf("folders/%s", uuid.NewString())
-		_, err := ValidateAndSerializePartially(
-			validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-
-		assert.ErrorIs(t, err, pkgAuditCommon.ErrAttributeIdentifierInvalid)
-	})
-}
-
-func Test_ValidateAndSerializePartially_SystemEvent(t *testing.T) {
-	validator := NewValidator(t)
-
-	event := NewSystemAuditEvent(nil)
-
-	routableEvent, err := ValidateAndSerializePartially(
-		validator, event, auditV1.Visibility_VISIBILITY_PRIVATE, pkgAuditCommon.RoutableSystemIdentifier)
-
-	assert.NoError(t, err)
-	assert.Equal(t, event.LogName, fmt.Sprintf("system/%s/logs/%s", pkgAuditCommon.SystemIdentifier.Identifier, pkgAuditCommon.EventTypeSystemEvent))
-	assert.True(t, proto.Equal(routableEvent.ObjectIdentifier, pkgAuditCommon.SystemIdentifier))
-}
-
-func Test_Send_TopicNameResolverNil(t *testing.T) {
-	err := Send(nil, nil, context.Background(), nil, nil)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrTopicNameResolverNil)
-}
-
-func Test_Send_TopicNameResolutionError(t *testing.T) {
-	expectedError := errors.New("expected error")
-
-	topicNameResolverMock := TopicNameResolverMock{}
-	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", expectedError)
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &topicNameResolverMock
-
-	var cloudEvent = pkgAuditCommon.CloudEvent{}
-
-	var messagingApi pkgMessagingApi.Api = &pkgMessagingApi.AmqpApi{}
-	err := Send(topicNameResolver, messagingApi, context.Background(), pkgAuditCommon.RoutableSystemIdentifier, &cloudEvent)
-	assert.ErrorIs(t, err, expectedError)
-}
-
-func Test_Send_MessagingApiNil(t *testing.T) {
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: "test"}
-	err := Send(topicNameResolver, nil, context.Background(), nil, nil)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrMessagingApiNil)
-}
-
-func Test_Send_CloudEventNil(t *testing.T) {
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: "test"}
-	var messagingApi pkgMessagingApi.Api = &pkgMessagingApi.AmqpApi{}
-
-	err := Send(topicNameResolver, messagingApi, context.Background(), nil, nil)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrCloudEventNil)
-}
-
-func Test_Send_ObjectIdentifierNil(t *testing.T) {
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: "test"}
-	var messagingApi pkgMessagingApi.Api = &pkgMessagingApi.AmqpApi{}
-	var cloudEvent = pkgAuditCommon.CloudEvent{}
-
-	err := Send(topicNameResolver, messagingApi, context.Background(), nil, &cloudEvent)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrObjectIdentifierNil)
-}
-
-func Test_Send_UnsupportedObjectIdentifierType(t *testing.T) {
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &pkgAuditCommon.StaticTopicNameTestResolver{TopicName: "test"}
-	var messagingApi pkgMessagingApi.Api = &pkgMessagingApi.AmqpApi{}
-	var cloudEvent = pkgAuditCommon.CloudEvent{}
-	var objectIdentifier = auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: "unsupported"}
-
-	err := Send(topicNameResolver, messagingApi, context.Background(), pkgAuditCommon.NewRoutableIdentifier(&objectIdentifier), &cloudEvent)
-	assert.ErrorIs(t, err, pkgAuditCommon.ErrUnsupportedRoutableType)
-}
-
-func Test_Send(t *testing.T) {
-	topicNameResolverMock := TopicNameResolverMock{}
-	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &topicNameResolverMock
-
-	messagingApiMock := MessagingApiMock{}
-	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
-	var messagingApi pkgMessagingApi.Api = &messagingApiMock
-
-	var cloudEvent = pkgAuditCommon.CloudEvent{}
-	assert.NoError(t, Send(topicNameResolver, messagingApi, context.Background(), pkgAuditCommon.RoutableSystemIdentifier, &cloudEvent))
-	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
-}
-
-func Test_SendAllHeadersSet(t *testing.T) {
-	topicNameResolverMock := TopicNameResolverMock{}
-	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &topicNameResolverMock
-
-	messagingApiMock := MessagingApiMock{}
-	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
-	var messagingApi pkgMessagingApi.Api = &messagingApiMock
-
-	traceState := "rojo=00f067aa0ba902b7,congo=t61rcWkgMzE"
-	traceParent := "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
-	expectedTime := time.Now()
-	var cloudEvent = pkgAuditCommon.CloudEvent{
-		SpecVersion:     "1.0",
-		Source:          "resourcemanager",
-		Id:              "id",
-		Time:            expectedTime,
-		DataContentType: pkgAuditCommon.ContentTypeCloudEventsProtobuf,
-		DataType:        "type",
-		Subject:         "subject",
-		TraceParent:     &traceParent,
-		TraceState:      &traceState,
-	}
-	assert.NoError(t, Send(topicNameResolver, messagingApi, context.Background(), pkgAuditCommon.RoutableSystemIdentifier, &cloudEvent))
-	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
-
-	arguments := messagingApiMock.Calls[0].Arguments
-	topic := arguments.Get(1).(string)
-	assert.Equal(t, "topic", topic)
-
-	contentType := arguments.Get(3).(string)
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsProtobuf, contentType)
-
-	applicationProperties := arguments.Get(4).(map[string]any)
-	assert.Equal(t, "1.0", applicationProperties["cloudEvents:specversion"])
-	assert.Equal(t, "resourcemanager", applicationProperties["cloudEvents:source"])
-	assert.Equal(t, "id", applicationProperties["cloudEvents:id"])
-	assert.Equal(t, expectedTime.UnixMilli(), applicationProperties["cloudEvents:time"])
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
-	assert.Equal(t, "type", applicationProperties["cloudEvents:type"])
-	assert.Equal(t, "subject", applicationProperties["cloudEvents:subject"])
-	assert.Equal(t, traceParent, applicationProperties["cloudEvents:traceparent"])
-	assert.Equal(t, traceState, applicationProperties["cloudEvents:tracestate"])
-	messagingApiMock.AssertExpectations(t)
-}
-
-func Test_SendWithoutOptionalHeadersSet(t *testing.T) {
-	topicNameResolverMock := TopicNameResolverMock{}
-	topicNameResolverMock.On("Resolve", mock.Anything).Return("topic", nil)
-	var topicNameResolver pkgAuditCommon.TopicNameResolver = &topicNameResolverMock
-
-	messagingApiMock := MessagingApiMock{}
-	messagingApiMock.On("Send", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
-	var messagingApi pkgMessagingApi.Api = &messagingApiMock
-
-	expectedTime := time.Now()
-	var cloudEvent = pkgAuditCommon.CloudEvent{
-		SpecVersion:     "1.0",
-		Source:          "resourcemanager",
-		Id:              "id",
-		Time:            expectedTime,
-		DataContentType: pkgAuditCommon.ContentTypeCloudEventsProtobuf,
-		DataType:        "type",
-		Subject:         "subject",
-	}
-	assert.NoError(t, Send(topicNameResolver, messagingApi, context.Background(), pkgAuditCommon.RoutableSystemIdentifier, &cloudEvent))
-	assert.True(t, messagingApiMock.AssertNumberOfCalls(t, "Send", 1))
-
-	arguments := messagingApiMock.Calls[0].Arguments
-	topic := arguments.Get(1).(string)
-	assert.Equal(t, "topic", topic)
-
-	contentType := arguments.Get(3).(string)
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsProtobuf, contentType)
-
-	applicationProperties := arguments.Get(4).(map[string]any)
-	assert.Equal(t, "1.0", applicationProperties["cloudEvents:specversion"])
-	assert.Equal(t, "resourcemanager", applicationProperties["cloudEvents:source"])
-	assert.Equal(t, "id", applicationProperties["cloudEvents:id"])
-	assert.Equal(t, expectedTime.UnixMilli(), applicationProperties["cloudEvents:time"])
-	assert.Equal(t, pkgAuditCommon.ContentTypeCloudEventsProtobuf, applicationProperties["cloudEvents:datacontenttype"])
-	assert.Equal(t, "type", applicationProperties["cloudEvents:type"])
-	assert.Equal(t, "subject", applicationProperties["cloudEvents:subject"])
-	assert.Equal(t, nil, applicationProperties["cloudEvents:traceparent"])
-	assert.Equal(t, nil, applicationProperties["cloudEvents:tracestate"])
-	messagingApiMock.AssertExpectations(t)
-}
-
-func Test_ValidateTopicNames(t *testing.T) {
-	t.Run("conway", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/conway/v1.0/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("eu01", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1.0/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("eu02", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu02/v1.0/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("sx-stoi01", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/sx-stoi01/v1.0/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("version without decimals", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("version as uppercase", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/V1.0/service-name/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("service name without dash", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1.0/service/events"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("multiple additional parts", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1.0/service-name/multiple/additional/parts"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("additional parts with dash", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1.0/service-name/multiple-additional/parts"
-		assert.True(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("topic prefix missing", func(t *testing.T) {
-		topicName := "stackit-platform/t/swz/audit-log/eu01/v1.0/service-name/events"
-		assert.False(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("invalid region", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/invalid/v1.0/service-name/events"
-		assert.False(t, TopicNamePattern.MatchString(topicName))
-	})
-
-	t.Run("additional parts missing", func(t *testing.T) {
-		topicName := "topic://stackit-platform/t/swz/audit-log/eu01/v1.0/service-name"
-		assert.False(t, TopicNamePattern.MatchString(topicName))
-	})
-}

pkg/audit/api/utils.go

@@ -1,91 +0,0 @@
-package api
-
-import (
-	"encoding/json"
-	"net"
-	"regexp"
-	"strings"
-
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/proto"
-
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-)
-
-var objectTypeIdPattern = regexp.MustCompile(".*/(projects|folders|organizations)/([0-9a-fA-F-]{36})(?:/.*)?")
-
-// GetCalledServiceNameFromRequest extracts the called service name from subdomain name
-func GetCalledServiceNameFromRequest(request *pkgAuditCommon.ApiRequest, fallbackName string) string {
-	if request == nil {
-		return fallbackName
-	}
-
-	var calledServiceName = fallbackName
-	host := request.Host
-	ip := net.ParseIP(host)
-	if ip == nil && !strings.Contains(host, "localhost") {
-		dotIdx := strings.Index(host, ".")
-		if dotIdx != -1 {
-			calledServiceName = host[0:dotIdx]
-		}
-	}
-	return calledServiceName
-}
-
-func GetObjectIdAndTypeFromUrlPath(path string) (
-	string,
-	*pkgAuditCommon.ObjectType,
-	error,
-) {
-
-	// Extract object id and type from request url
-	objectTypeIdMatches := objectTypeIdPattern.FindStringSubmatch(path)
-	if len(objectTypeIdMatches) > 0 {
-		objectType := pkgAuditCommon.ObjectTypeFromPluralString(objectTypeIdMatches[1])
-		err := objectType.IsSupportedType()
-		if err != nil {
-			return "", nil, err
-		}
-
-		objectId := objectTypeIdMatches[2]
-
-		return objectId, &objectType, nil
-	}
-
-	return "", nil, nil
-}
-
-// ResponseBodyToBytes converts a JSON or Protobuf response into a byte array
-func ResponseBodyToBytes(response any) ([]byte, error) {
-	if response == nil {
-		return nil, nil
-	}
-
-	responseBytes, isBytes := response.([]byte)
-	if isBytes {
-		return responseBytes, nil
-	}
-
-	responseProtoMessage, isProtoMessage := response.(proto.Message)
-	if isProtoMessage {
-		responseJson, err := protojson.Marshal(responseProtoMessage)
-		if err != nil {
-			return nil, err
-		}
-		return responseJson, nil
-	}
-
-	responseJson, err := json.Marshal(response)
-	if err != nil {
-		return nil, err
-	}
-	return responseJson, nil
-}
-
-func ToArrayMap(input map[string]string) map[string][]string {
-	output := map[string][]string{}
-	for key, value := range input {
-		output[key] = []string{value}
-	}
-	return output
-}

pkg/audit/api/utils_test.go

@@ -1,154 +0,0 @@
-package api
-
-import (
-	"encoding/json"
-	"testing"
-
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
-	"google.golang.org/protobuf/encoding/protojson"
-
-	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
-	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
-)
-
-func Test_GetCalledServiceNameFromRequest(t *testing.T) {
-
-	t.Run("request is nil", func(t *testing.T) {
-		serviceName := GetCalledServiceNameFromRequest(nil, "resource-manager")
-		assert.Equal(t, "resource-manager", serviceName)
-	})
-
-	t.Run("localhost", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{Host: "localhost:8080"}
-		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
-		assert.Equal(t, "resource-manager", serviceName)
-	})
-
-	t.Run("cf", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{Host: "stackit-resource-manager-go-dev.apps.01.cf.eu01.stackit.cloud"}
-		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
-		assert.Equal(t, "stackit-resource-manager-go-dev", serviceName)
-	})
-
-	t.Run("cf invalid host", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{Host: ""}
-		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
-		assert.Equal(t, "resource-manager", serviceName)
-	})
-
-	t.Run("ip", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{Host: "127.0.0.1"}
-		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
-		assert.Equal(t, "resource-manager", serviceName)
-	},
-	)
-
-	t.Run("ip short", func(t *testing.T) {
-		request := pkgAuditCommon.ApiRequest{Host: "::1"}
-		serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager")
-		assert.Equal(t, "resource-manager", serviceName)
-	},
-	)
-}
-
-func Test_GetObjectIdAndTypeFromUrlPath(t *testing.T) {
-
-	t.Run("object id and type not in url", func(t *testing.T) {
-		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/projects/audit")
-		assert.NoError(t, err)
-		assert.Equal(t, "", objectId)
-		assert.Nil(t, objectType)
-	})
-
-	t.Run("object id and type in url", func(t *testing.T) {
-		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/projects/f17d4064-9b65-4334-b6a7-8fed96340124")
-		assert.NoError(t, err)
-		assert.Equal(t, "f17d4064-9b65-4334-b6a7-8fed96340124", objectId)
-		assert.Equal(t, pkgAuditCommon.ObjectTypeProject, *objectType)
-	})
-
-	t.Run("multiple object ids and types in url", func(t *testing.T) {
-		objectId, objectType, err := GetObjectIdAndTypeFromUrlPath("/v2/organization/8ee58bec-d496-4bb9-af8d-72fda4d78b6b/projects/f17d4064-9b65-4334-b6a7-8fed96340124")
-		assert.NoError(t, err)
-		assert.Equal(t, "f17d4064-9b65-4334-b6a7-8fed96340124", objectId)
-		assert.Equal(t, pkgAuditCommon.ObjectTypeProject, *objectType)
-	})
-}
-
-func Test_ResponseBodyToBytes(t *testing.T) {
-
-	t.Run(
-		"nil response body", func(t *testing.T) {
-			bytes, err := ResponseBodyToBytes(nil)
-			assert.Nil(t, bytes)
-			assert.Nil(t, err)
-		},
-	)
-
-	t.Run(
-		"bytes", func(t *testing.T) {
-			responseBody := []byte("data")
-			bytes, err := ResponseBodyToBytes(responseBody)
-			assert.Nil(t, err)
-			assert.Equal(t, responseBody, bytes)
-		},
-	)
-
-	t.Run(
-		"Protobuf message", func(t *testing.T) {
-			protobufMessage := auditV1.ObjectIdentifier{Identifier: uuid.NewString(), Type: string(pkgAuditCommon.ObjectTypeProject)}
-			bytes, err := ResponseBodyToBytes(&protobufMessage)
-			assert.Nil(t, err)
-
-			expected, err := protojson.Marshal(&protobufMessage)
-			assert.Nil(t, err)
-			assert.Equal(t, expected, bytes)
-		},
-	)
-
-	t.Run(
-		"struct", func(t *testing.T) {
-			type CustomObject struct {
-				Value string
-			}
-
-			responseBody := CustomObject{Value: "data"}
-			bytes, err := ResponseBodyToBytes(responseBody)
-			assert.Nil(t, err)
-
-			expected, err := json.Marshal(responseBody)
-			assert.Nil(t, err)
-			assert.Equal(t, expected, bytes)
-		},
-	)
-
-	t.Run(
-		"map", func(t *testing.T) {
-
-			responseBody := map[string]interface{}{"value": "data"}
-			bytes, err := ResponseBodyToBytes(responseBody)
-			assert.Nil(t, err)
-
-			expected, err := json.Marshal(responseBody)
-			assert.Nil(t, err)
-			assert.Equal(t, expected, bytes)
-		},
-	)
-}
-
-func Test_ToArrayMap(t *testing.T) {
-
-	t.Run("empty map", func(t *testing.T) {
-		result := ToArrayMap(map[string]string{})
-		assert.Equal(t, map[string][]string{}, result)
-	})
-
-	t.Run("empty map", func(t *testing.T) {
-		result := ToArrayMap(map[string]string{"key1": "value1", "key2": "value2"})
-		assert.Equal(t, map[string][]string{
-			"key1": {"value1"},
-			"key2": {"value2"},
-		}, result)
-	})
-}

pkg/audit/common/errors.go

@@ -1,49 +0,0 @@
-package common
-
-import (
-	"errors"
-)
-
-// ErrAttributeIdentifierInvalid indicates that the object identifier
-// and the identifier in the checked attribute do not match
-var ErrAttributeIdentifierInvalid = errors.New("attribute identifier invalid")
-
-// ErrAttributeTypeInvalid indicates that an invalid type has been provided.
-var ErrAttributeTypeInvalid = errors.New("attribute type invalid")
-
-// ErrCloudEventNil states that the given cloud event is nil
-var ErrCloudEventNil = errors.New("cloud event nil")
-
-// ErrEventNil indicates that the event was nil
-var ErrEventNil = errors.New("event is nil")
-
-// ErrInvalidRoutableIdentifierForSystemEvent states that the routable identifier is not valid for a system event
-var ErrInvalidRoutableIdentifierForSystemEvent = errors.New("invalid identifier for system event")
-
-// ErrMessagingApiNil states that the messaging api is nilØØ
-var ErrMessagingApiNil = errors.New("messaging api nil")
-
-// ErrObjectIdentifierNil indicates that the object identifier was nil
-var ErrObjectIdentifierNil = errors.New("object identifier is nil")
-
-// ErrObjectIdentifierVisibilityMismatch indicates that a reference mismatch was detected.
-//
-//	Valid combinations are:
-//	* Visibility: Public, ObjectIdentifier: <type>
-//	* Visibility: Private, ObjectIdentifier: <type | system>
-var ErrObjectIdentifierVisibilityMismatch = errors.New("object reference visibility mismatch")
-
-// ErrTopicNameResolverNil states that the topic name resolve is nil
-var ErrTopicNameResolverNil = errors.New("topic name resolver nil")
-
-// ErrUnknownObjectType indicates that the given input is an unknown object type
-var ErrUnknownObjectType = errors.New("unknown object type")
-
-// ErrUnsupportedEventTypeDataAccess states that the event type "data-access" is currently not supported
-var ErrUnsupportedEventTypeDataAccess = errors.New("unsupported event type data access")
-
-// ErrUnsupportedObjectIdentifierType indicates that an unsupported object identifier type has been provided
-var ErrUnsupportedObjectIdentifierType = errors.New("unsupported object identifier type")
-
-// ErrUnsupportedRoutableType indicates that the given input is an unsupported routable type
-var ErrUnsupportedRoutableType = errors.New("unsupported routable type")

pkg/audit/common/model.go

@@ -1,59 +0,0 @@
-package common
-
-type ApiRequest struct {
-
-	// Body
-	//
-	// Required: false
-	Body []byte
-
-	// The (HTTP) request headers / gRPC metadata.
-	//
-	// Internal IP-Addresses have to be removed (e.g. in x-forwarded-xxx headers).
-	//
-	// Required: true
-	Header map[string][]string
-
-	// The HTTP request `Host` header value.
-	//
-	// Required: true
-	Host string
-
-	// Method
-	//
-	// Required: true
-	Method string
-
-	// The URL scheme, such as `http`, `https` or `gRPC`.
-	//
-	// Required: true
-	Scheme string
-
-	// The network protocol used with the request, such as "http/1.1",
-	// "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See
-	// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
-	// for details.
-	//
-	// Required: true
-	Proto string
-
-	// The url
-	//
-	// Required: true
-	URL RequestUrl
-}
-
-type RequestUrl struct {
-
-	// The gRPC / HTTP URL path.
-	//
-	// Required: true
-	Path string
-
-	// The HTTP URL query in the format of "name1=value1&name2=value2", as it
-	// appears in the first line of the HTTP request.
-	// The input should be escaped to not contain any special characters.
-	//
-	// Required: false
-	RawQuery *string
-}

pkg/messaging/api/messaging.go

@@ -1,28 +0,0 @@
-package api
-
-import (
-	"context"
-)
-
-// Api is an abstraction for a messaging system that can be used to send
-// audit logs to the audit log system.
-type Api interface {
-
-	// Send method will send the given data to the specified topic synchronously.
-	//  Parameters:
-	//  * ctx - the context object
-	//  * topic - the messaging topic where to send the data to
-	//  * data - the serialized data as byte array
-	//  * contentType - the contentType of the serialized data
-	//  * applicationProperties - properties to send with the message (i.e. cloud event headers)
-	//
-	// It returns technical errors for connection issues or sending problems.
-	Send(ctx context.Context, topic string, data []byte, contentType string, applicationProperties map[string]any) error
-
-	// Close the underlying connection to the messaging system.
-	//  Parameters:
-	//  * ctx - the context object
-	//
-	// It returns an error if the connection cannot be closed successfully
-	Close(ctx context.Context) error
-}

proto/audit/v1/audit_event.proto

@@ -131,8 +131,7 @@ message AuditLog {
   // Required: true
   string service_name = 1 [
     (buf.validate.field).required = true,
-    (buf.validate.field).string.min_len = 1,
+    (buf.validate.field).string.min_len = 1
-    (buf.validate.field).string.pattern = ".*\\S.*"
   ];
 
   // The name of the service method or operation.
@@ -233,18 +232,17 @@ message AuthenticationInfo {
   // Required: true
   string principal_id = 1 [
     (buf.validate.field).required = true,
-    (buf.validate.field).string.min_len = 1,
+    (buf.validate.field).string.min_len = 1
-    (buf.validate.field).string.pattern = ".*\\S.*"
   ];
 
   // The email address of the authenticated user.
   // Service accounts have email addresses that can be used.
   //
-  // Required: false
+  // Required: true
-  optional string principal_email = 2 [
+  string principal_email = 2 [
-    (buf.validate.field).string.min_len = 5,
+    (buf.validate.field).required = true,
-    (buf.validate.field).string.max_len = 255,
+    (buf.validate.field).string.min_len = 1,
-    (buf.validate.field).string.email = true
+    (buf.validate.field).string.max_len = 255
   ];
 
   // The name of the service account used to create or exchange
@@ -327,7 +325,7 @@ message AttributeContext {
     // Required: true
     string principal = 1 [
       (buf.validate.field).required = true,
-      (buf.validate.field).string.pattern = "^[a-zA-Z0-9-%._]+/[a-zA-Z0-9-%.]+$"
+      (buf.validate.field).string.pattern = "^[a-zA-Z0-9-%.]+/[a-zA-Z0-9-%.]+$"
     ];
 
     // The intended audience(s) for this authentication information. Reflects
@@ -416,8 +414,7 @@ message AttributeContext {
     string path = 4 [
       (buf.validate.field).required = true,
       (buf.validate.field).string.min_len = 1,
-      (buf.validate.field).string.max_len = 255,
+      (buf.validate.field).string.max_len = 255
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // The HTTP request `Host` header value.
@@ -425,8 +422,7 @@ message AttributeContext {
     // Required: true
     string host = 5 [
       (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // The URL scheme, such as `http`, `https` or `gRPC`.
@@ -434,8 +430,7 @@ message AttributeContext {
     // Required: true
     string scheme = 6 [
       (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // The HTTP URL query in the format of "name1=value1&name2=value2", as it
@@ -462,8 +457,7 @@ message AttributeContext {
     // Required: true
     string protocol = 9 [
       (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // The request authentication.
@@ -527,8 +521,7 @@ message RequestMetadata {
   string caller_supplied_user_agent = 2 [
     (buf.validate.field).required = true,
     (buf.validate.field).string.min_len = 1,
-    (buf.validate.field).string.max_len = 255,
+    (buf.validate.field).string.max_len = 255
-    (buf.validate.field).string.pattern = ".*\\S.*"
   ];
 
   // This field contains request attributes like request url, time, etc.
@@ -584,8 +577,7 @@ message ServiceAccountDelegationInfo {
     // Required: true
     string principal_id = 1 [
       (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // The email address of the authenticated user.
@@ -595,8 +587,7 @@ message ServiceAccountDelegationInfo {
     string principal_email = 2 [
       (buf.validate.field).required = true,
       (buf.validate.field).string.min_len = 1,
-      (buf.validate.field).string.max_len = 255,
+      (buf.validate.field).string.max_len = 255
-      (buf.validate.field).string.pattern = ".*\\S.*"
     ];
 
     // Metadata about the service that uses the service account.

sonar-project.properties

@@ -1,13 +0,0 @@
-sonar.projectKey=xx-sit-odj-sec-ident:audit-go
-sonar.host.url=https://sonarqube.schwarz
-sonar.projectName=audit-go
-sonar.sources=.
-sonar.exclusions=**/*_test.go,**/vendor/**,**/mocks/**,**/*.yml,**/gen/**, **/test/solace.go
-sonar.tests=.
-sonar.test.inclusions=**/*_test.go
-sonar.test.exclusions=**/vendor/**,**/mocks/**
-sonar.issuesReport.html.enable=true
-sonar.log.level=INFO
-sonar.go.coverage.reportPaths=out/cover.out
-sonar.go.tests.reportPaths=out/report.json
-sonar.go.golangci-lint.reportPaths=out/lint.xml